What You Should Know About The Yahoo Class Action Case

Justin Farmer
Published in Hack-Fu
Dec 29, 2016

Big surprise… Yahoo is sued… again.

As a result of its latest data breach, Yahoo now has a class action lawsuit against it. The suit was literally filed hours after the breach was made public.

In case you’ve been out of touch, Yahoo suffered a massive data breach in 2013 and finally put a tally to the number of user accounts that have likely been compromised… 1,000,000,000!

The snippets of the class action suit shed some light on the expectations that customers now have of businesses that handle any sort of personal information:

“Yahoo failed, and continues to fail, to provide adequate protection of its users’ personal and confidential information and has failed to provide sufficient and timely notice or warning of potential and actual cybersecurity breaches to its users.”

Yeah, I’d say that finally letting users know their account has been compromised 4 years later isn’t exactly timely…

Being a cybersecurity guy, the ‘adequate protection’ part doesn’t jibe with me. I find it hard to believe that Yahoo doesn’t have an abundance of resources at its disposal to provide protection.

“As a result of Defendant’s failure to maintain adequate security measures and timely security breach notifications, Yahoo Users’ personal and private information has been repeatedly compromised and remains vulnerable,”

This is true… Yahoo seems to always be the victim of massive data breaches over the years. Huge breach in 2013… another in 2014. I imagine we’ll hear about a 2015 breach this coming year (2017) based on Yahoo’s notification track record.

“Further, Yahoo Users have suffered an ascertainable loss in that they have had to undertake additional security measures, at their own expense, to minimize the risk of future data breaches including, without limitation, changing passwords, security questions and security answers, and purchasing a credit freeze on their credit files,”

This is always the case no matter the size of your company. No one really knows the long-term effects of a data breach. Are the hackers going to sell the info on the digital black market today? A month from now? Years from now?

Enough dissecting…

Sure, you can say this should have never happened, but let’s be real, hacking happens. Hacking is happening all the time! Most companies that are hacked don’t even know it! It took almost 3 years for Yahoo to have an idea of the size of the breach. At least they found out!

But still, to me, this case has some lingering concerns for businesses of any size. Full disclaimer, I’m no lawyer, but I do know a thing or two about case law precedent. A customer of yours can cite this case in their lawsuit against you if this goes through. That’s scary.

I did math. I hate math.

Somehow, I was part of a class action lawsuit against Red Bull and got a random check in the mail for $2.46 related to unjust marketing or something. I’ll use this small number to see what the overall payout would be for the plaintiffs of the Yahoo class action … that comes out to $2,460,000,000 in payouts, not to mention the costs to clean up the breach, lost reputation, etc. In reality, I imagine the final number will be nowhere near that large, but still… anything over $100,000,000 is still a lot, even to a company like Yahoo.

The lesson you should learn from all of this

Being hacked isn’t cheap. The cleanup costs a lot, notifying customers costs a lot, the hit to reputation costs a lot. Instead, the approach should be preventing the attack before it happens. Your company can spend millions on cybersecurity, which Yahoo does and most can’t afford, or you can spend a lot less.
