Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday February 02 2019, @03:40PM   Printer-friendly
from the not-such-a-good-deal dept.

Submitted via IRC for Bytram

Judge blocks Yahoo data breach payout

A judge has rejected Yahoo's attempt to draw a line under a series of breaches it experienced between 2013 and 2016. The firm had proposed a payout to lawyers acting on behalf of affected US and Israeli users. But while the deal said the attorneys could claim up to $37.5m (£28.5m) in fees and costs, it did not disclose the sum reserved for victims. The California judge also objected to Yahoo being too vague about what remedial steps it was taking.

Details of the ruling were first reported by the Courthouse News Service, which has also published the decision in full.

Judge Lucy Koh has form in dealing with contentious cases involving tech giants. She previously oversaw a high-profile patent dispute between Apple and Samsung, and has also presided over headline-making cases involving YouTube, Qualcomm and Tesla.

The Yahoo class action lawsuit specifically covers three data breaches that affected the web portal's users' personal information:

  • a 2013 event in which hackers were able to access all 3 billion Yahoo accounts
  • a 2014 attack, which the firm said had affected more than 500 million accounts
  • a breach that happened between 2015-16, in which the plaintiffs allege that the data stolen in 2014 was used to gain access to specific user accounts

The lawyers pursuing the case noted that Yahoo had repeatedly delayed notifying the public of the incidents until some time after it had become aware of them.

In one instance, the business acknowledged it had paid for data from millions of its hacked accounts that had been advertised on the dark web, but disputed claims that it had failed to prevent the information being purchased by others. Among the evidence presented to the court was a report submitted by the plaintiffs that alleged there had been further breaches dating back to 2008 involving "several million accounts", which Judge Koh noted that Yahoo continued to deny.

[...] The judge first expressed reservations about the settlement at a hearing in November, when she complained that she had been unable to "figure out the total estimated sum" being promised.

And on Monday, she formally rejected the deal.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by Runaway1956 on Saturday February 02 2019, @04:17PM (5 children)

    by Runaway1956 (2926) Subscriber Badge on Saturday February 02 2019, @04:17PM (#795422) Journal

    My question is, "Why Yahoo?" Other tech giants have done as bad, or worse, I'm pretty sure. Why come down hard on Yahoo? Is their negligence really that much worse than some of the others we've read about?

    Still, even if the judge is being harsher on Yahoo that she might be on another giant, this IS the kind of thing we need more of. Screw all those "boiler plate" contracts, Terms of Use, EULA, etc ad nauseum. When a corp screws up, they need to make it right. This plea bargaining thing needs to stop.

    Once they've bargained it down, the penalty for the corporation amounts to a fifty dollar fine for an individual. And, the private parties involved certainly DO NOT recover any losses. In this case, it isn't clear that anything was being reserved for payout to users who were affected - it was all going to lawyers!

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 2) by RS3 on Saturday February 02 2019, @05:01PM (2 children)

    by RS3 (6367) on Saturday February 02 2019, @05:01PM (#795428)

    Several thoughts, just theorizing though.

    The legal system, somewhat like the news, tends to swarm; you know, people see a crowd and are attracted to "what's everyone doing over there?"

    Or liken it to carnivores in the wild- scavengers circle hoping for some scraps.

    Maybe Yahoo! is easy-pickens.

    That said, there's something to be said for focusing resources and efforts on one big and fairly easy problem. Once that case is decided, precedent is set, and you go after the others.

    Yes, the lawyers ALWAYS win. I often think I should have gone that route. I'd be one of the good ones, and they do exist.

    • (Score: 1) by Ethanol-fueled on Saturday February 02 2019, @09:17PM (1 child)

      by Ethanol-fueled (2792) on Saturday February 02 2019, @09:17PM (#795472) Homepage

      Yahoo is a dead horse, and people are indeed beating it. Perhaps a healthier target could put up more of a fight?

      • (Score: 2) by RS3 on Saturday February 02 2019, @11:07PM

        by RS3 (6367) on Saturday February 02 2019, @11:07PM (#795493)

        You know they're owned by Verizon, right? Dovetailing with what you said, it raises the question: what's Verizon's role, responsibility, what will they do, etc. It'll be interesting to watch, and might set precedent.

  • (Score: 2) by bobthecimmerian on Sunday February 03 2019, @01:53PM (1 child)

    by bobthecimmerian (6834) on Sunday February 03 2019, @01:53PM (#795675)

    I thought Yahoo was relatively unusual in that they had both an enormous breach and also that they lied about it to the public and regulators for years?

    That said, I think all this will do is amount to a slap on the wrist for Yahoo and its owners. Talk to me when the courts decide, "You willfully abused the public trust. All your assets will be liquidated and divided up among your users, the company is shut down effective immediately."

    The real lesson, which they should be teaching every kid in every school, is that a business will put its own interests in front of the interests of customers and employees. Centralized email and social network hosting will always fuck the users because fucking the users is the core business model.

    • (Score: 2) by PartTimeZombie on Sunday February 03 2019, @11:19PM

      by PartTimeZombie (4827) on Sunday February 03 2019, @11:19PM (#795870)

      That sounds right to me.

      They also provided email services to ISP's from all over the world, including the one I use.

      As soon as the really big breach was made public my ISP bought email back inhouse, and began their own legal action against Yahoo!

      I have no idea how this ruling might affect that case, but I did hear the CEO of my ISP on the radio last year say something along the lines of "it will have no financial consequences for (ISP), so I assume the costs will be paid for by Verizon, or whatever Yahoo! has mutated into.