Blog Confidently | Manage Your Privacy... Confidently!

Yahoo Data Breach

Written by Brent | Oct 22, 2019 4:49:08 PM

The gist of it:

After more than 5 years, Yahoo finally announced a settlement for users affected in their 2013 & 2014 breaches. It’s been a while since Yahoo admitted to the breaches in 2016, and the settlement information is not-so-surprisingly hard to find and understand -- especially if you no longer check your Yahoo email account. (Guess no one wants to make it easy for people to claim money!)  

Make sure to file your claim at www.YahooDataBreachSettlement.com if you had a Yahoo email account between 2012 & 2016, and choose either 2 years of free credit monitoring OR a cash payment of $100+ (if you already have credit monitoring… like the Equifax breach!).

The back story:

Since a member of the Confidently team was affected, we will also incorporate some of his own experiences.

In 2016 Yahoo disclosed two separate breaches they experienced in 2013 and 2014, affecting hundreds of millions if not a billion users. The breaches exposed a bunch of sensitive information including names, telephone numbers, dates of birth, encrypted passwords, and unencrypted security questions that could be used to reset a password.

It’s kind of amazing that it took 2-3 years for these breaches to even be disclosed to the public...

The settlement:

... and just as amazing that 3 years after Yahoo’s 2016 disclosure, a settlement actually came through!

If you had a Yahoo email account between January 2012 and December 2016, you can file a claim at www.YahooDataBreachSettlement.com. Scroll through all the legalese, and click on the "File Claim" button on the right-side of the page.

When you file your claim, you can choose to receive either 2 years of free credit monitoring OR a $100 cash payment, but only if you can prove you already have credit monitoring. The cash payment could actually end up to be as much as $358 if a smaller number of cash claims are filed than anticipated. 

One of our Confidently team members had a Yahoo account in that time frame. He went back and searched his old Yahoo email account, and after some time (it takes a while to scroll through 2-3 years worth of search results for “breach”!), he found the notification in 2016 that his account was affected. 

The next part of the instruction asks you to fill out a claim form on paper or online. Our team member submitted his form online, and chose the cash payment (since he already has credit monitoring). 

The deadline for filing a claim is July 2020, so we can only assume that he will receive his payment after that? We’ll keep you posted.

Our take:

Well, there’s certainly no reason not to file a claim for credit monitoring or some cash compensation. So be sure to do that if you were a Yahoo account holder.

And, unlike the Equifax settlement (where victims who opt for the $150 cash payment will likely receive far less than that), the Yahoo cash settlement will be at least $100, but could end up as high as $358 depending on the number of claims ultimately filed. So the structure of this Yahoo cash settlement is certainly better than Equifax's.

But what’s frustrating is the huge amount of time it takes for a victim to receive compensation -- in this case, as much as 7 years from the initial breach! If we apply this to, say, the Cambridge Analytica scandal, then we can maybe hope to get something by 2024? Don’t worry, we will send you one of these alerts to remind you then.

Have other thoughts or feedback? Head over to the Confidently Facebook page to leave a comment.