Yahoo has agreed to pay $80 million to settle a federal securities class action lawsuit following the massive data breaches that compromised the personal information of three billion users.

The suit was filed by several shareholders in January 2017, alleging the web services provider intentionally misled them about its cybersecurity practices, in turn, causing the company’s stock prices to drop.

According to reports, it is still unclear whether the proposed settlement will close the case, as one of the named plaintiffs in the suit did not agree to it.

The settlement includes all those who purchased or acquired Yahoo securities on the open market between April 30, 2013, and Dec. 14, 2016.

In the second half of 2016, Yahoo disclosed two massive breaches that compromised user account data, including names, email addresses, telephone numbers, dates of birth and hashed passwords.

Initially, the company reported a 2014 breach, which it said had impacted roughly 500 million user accounts. Months later, it announced a separate breach that dated back to 2013.

At the time, Yahoo said it believed one billion user accounts had been affected but it wasn’t until October 2017 that it confirmed that all three billion of its user accounts had been impacted.

If the court approves the settlement, it will mark the first recovery in a shareholder lawsuit involving a data breach.

Meanwhile, experts argue Yahoo will continue to face the fallout from the breaches that occurred several years ago.

“This is likely not the last loss of Yahoo related to the breach: reputational damage is ongoing, and new lawsuits may be filed in other jurisdictions or by victims who opted out from the class action,” Ilia Kolochenki, CEO at Hi-Tech Bridge, told Infosecurity Magazine.

Despite the incidents, Verizon acquired Yahoo for $4.48 billion last year – (Read more...)