Between 2013 and 2016, Yahoo was hit by massive data breaches that affected every user on the platform at the time, approximately 3 billion users.
After the data breach, Yahoo apologized for its customers saying their names, email addresses and passwords were breached and not their financial information. In 2016, Yahoo rebranded to Verizon Media after Verizon acquired it for $4.48 billion.
On Tuesday, in a case over the data breach that affected three billion users, a settlement was proposed that would require Verizon-owned Yahoo to pay $117.5 million after a US District Judge rejected the first settlement of $50 million plus other expenses in January.
This new proposal still needs Attorneys approval and the judge’s review. Part of this new proposal said:
“Following the Court’s denial of the first proposed settlement, the Parties immediately set about addressing the issues the Court identified, re-engineering the resolution of this case…”
According to the new settlement, part of the $117.5 million would pay notice and administration costs ($6 million), Attorneys’ fees ($30 million), costs and expenses ($2.5 million), and out-of-pocket expenses related to identity theft, lost time, and much more.
In this new settlement, the compensation would include “all US & Israeli residents and small businesses with Yahoo accounts at any time between 2012 and 2016.”
In the previous settlement, there was an attempt to include plaintiffs from Australia, Venezuela, and Spain, but the court rejected the application.
In the new proposed settlement, Yahoo has committed to maintaining an information security budget of approximately $300 million over the next four years, something which the plaintiffs agreed is “fair, reasonable, and adequate.”
However, this is not the first time a data breach lawsuit is facing Yahoo. The veteran platform had previously settled $35 million with the Securities and Exchange Commission for misleading investors by failing to disclose the data breaches.
In the meantime, Yahoo is optimistic that it has boosted its security to prevent recurrence of such incidents. “We believe that the settlement demonstrates our strong commitment to security,” a Yahoo spokesperson told CNN Business.
According to court documents, the veteran company has boosted its security budget since 2017 by increasing the number of employees in its security department, enhancing training, and developing policies related to a security breach.