Yahoo Faces Another Class Action Over 2014 Data Breach

Another Yahoo class action lawsuit has been filed against the tech giant for failing to keep its customers’ data secure, as well as failing to inform the public in a reasonable amount of time after a massive security breach.

Yahoo announced on Sept. 22, 2016, that two years earlier a “state-sponsored actor” had stolen personal information of approximately 500 million Yahoo users.

Information obtained by the hackers included consumers’ names, email addresses, telephone numbers, security questions, and encrypted passwords.

The class action notes that Yahoo did not explain why it took so long to discover the hacking of its sensitive information, or how long Yahoo had known of the data breach prior to its press release.

The Yahoo email data breach class action lawsuit cites a report from the Financial Times which stated that Yahoo executives knew about the data breach in July of 2016, but did not disclose it to the public until September.

The complaint asserts that “Yahoo’s delayed disclosure of the 2014 data breach reveals (a) for two years, Yahoo failed to securely store its users’ confidential, sensitive personal information; and (b) Yahoo failed to timely notify its users of the 2014 data breach.”

The class action states that Yahoo’s website attracts more than one billion visitors each month, and has collected personal data on hundreds of millions of Internet users.

Though Yahoo’s privacy policy states that it takes the privacy and security of its users’ information “seriously,” the class action disputes that claim.

According to the complaint, Yahoo’s email accounts were hacked by the Chinese military in 2010, along with other internet companies such as Google.

The class action contends that Google took the threat of additional data breaches seriously, by hiring “hundreds of security engineers” and adopted an internal motto of “never again.”

However, unlike Google, Yahoo calls its own security team “The Paranoids” and allowed their requests to be overridden by other departments within the company, according to the lawsuit.

Because of this lack of internal security, the class action argues, Yahoo negligently allowed the data breach and breached its implied contract with users.

In addition, the class action alleges that Yahoo violated California consumer protection law by not disclosing the breach as soon as the company discovered it.

This is not the first class action filed against Yahoo for this data breach. A Sept. 26, 2016, article on TopClassActions.com reported that several lawsuits were filed against Yahoo for the 2014 data breach. Those lawsuits make similar allegations against the company.

This Yahoo email data breach lawsuit seeks to represent a Class of “[a]ll persons in the United States who were or are Yahoo account holders and whose personal information was accessed, compromised, or stolen as a result of the data breach announced by Yahoo on September 22, 2016.”

The class action is asking for restitution and damages, including punitive damages, and free credit-monitoring services for every member of the proposed Class.

Plaintiff Gary Hirt states that he is a Yahoo user, and gave the company his “private, sensitive personal information.”

After learning of Yahoo’s data breach, Hirt claims that he enrolled in a credit-monitoring program and “suffers from anxiety and distress as a direct result of Yahoo’s misconduct.”

Hirt is represented by Francis A. Bottini, Jr., Albert Y. Chang, and Yury A. Kolesnikov of Bottini & Bottini, Inc.

The Yahoo Email Data Breach Class Action Lawsuit is Gary Hirt v. Yahoo! Inc., Case No. 5:16-cv-05911, in the U.S. District Court for the Northern District of California, San Jose Division.

UPDATE: On Jan. 28, 2019, a federal judge denied a $50 million Yahoo class action settlement, finding the proposed deal lacked specific information about ways the tech company would improve data security.

UPDATE 2: On July 20, 2019, a federal judge has preliminarily signed off on a $117 million class action settlement agreement between Yahoo and accountholders who were affected by numerous data breaches.

UPDATE 3: September 2019, the Yahoo data breach class action settlement is now open. Click here to file a claim.