Nearly 200 million people who had sensitive information snatched from their Yahoo accounts will receive two years of free credit-monitoring services and other potential restitution in a legal settlement valued at USD 117.5 million.
The deal revises an earlier agreement struck last October, only to be rejected by US District Court Judge Lucy Koh in San Jose, California. The value of that settlement had been pegged at USD 50 million, but Koh questioned the calculations.
A more detailed breakdown used in the revised settlement drove up the estimated cost. The money will be paid by Yahoo’s current owner, Verizon, and Altaba, a holdover from Yahoo’s past that still owns a stake in Chinese internet company Alibaba Group worth billions of dollars.
If approved, the settlement will become part of the financial fallout from digital burglaries that stole personal information from about 3 billion Yahoo accounts in 2013 and 2014 — believed to be the biggest data breach ever.
And now the USD 117.5 million settlement could become largest amount ever doled out for a data breach, a recurring problem in an increasingly digitally driven world. It eclipses a USD 115 million settlement that Koh approved last year to cover 79 million people who had personal information stolen in a 2015 breach at health insurer Anthem Inc.
Yahoo didn’t begin to disclose the extent of its security breakdown until 2016 amid an FBI investigation that eventually linked some of the hacking to Russia . The revelations brought a mortifying end to the reign of Yahoo CEO Marissa Mayer, eventually prompting the company to reduce its selling price to Verizon by USD 350 million.
Verizon has since written off much of the nearly USD 4.5 billion price for the Yahoo acquisition in sign of the eroding value of that business.
Lawyers representing the Yahoo accountholders estimate about 194 million people in US and Israel will be eligible to make claims, according to court documents. Those people collectively may have had about 896 million of the Yahoo accounts hit in the break-ins.
The biggest piece of the revised Yahoo settlement disclosed in documents filed Tuesday consists of the free credit-monitoring services that will be offered to everyone covered by the deal to protect them from identity theft and other potential problems. The service from AllClear usually costs USD 14.95 per month, or USD 359 for two years. People who already have a credit-monitoring service will be eligible for cash payments instead.
Yahoo accountholders who paid anywhere for USD 20 to USD 50 annually for premium email accounts will be eligible for refunds of up to 25%. People who had to spend time protecting their identities or dealing with other issues caused by the breach can be seek to be paid at a rate of USD 25 per hour for up to 15 hours.
The settlement will also pay up to USD 32.5 million in fees and other expenses to the lawyers representing Yahoo accountholders, down from the USD 37.5 million sought in the earlier agreement — another sticking point for Koh.
A hearing on the revised settlement is scheduled for June 27.