The !Yahoo settlement site just went live. No doubt the fake phishing sites will be hitting email soon.
If you recall !Yahoo was massively breached in 2013, but it only reported that in 2016. Initially, only 1 billion accounts were reported affected. That number was later revised to 3 billion. Two more data breaches emerged. One in 2014, and then again in 2016. If you had an account on Yahoo! during those periods you may be eligible now to file a claim. Verizon bought !Yahoo (formerly Oath) in June of 2017. The original purchase price was reported as $4.8 billion but later discounted by about $350,000,000 after Verizon continued to negotiate the breach impact with Oath on the purchase price according to analysts. A good reminder of how a data breach can substantially reduce a company’s value in an acquisition. Board members are now more conscious of the huge costs associated with data breaches. A poster child example of why it’s necessary to create a culture of cybersecurity, innoculate your users against social engineering, patch your systems frequently, maintain good backup practices and layer your defenses. And as always be aware of and prepare your users for scam look-alike sites.
From the settlement site:
"A Class Action Settlement has been proposed in litigation against Yahoo! Inc. (“Yahoo”) and Aabaco Small Business, LLC (together, called “Defendants” in this notice), relating to data breaches (malicious actors got into system and personal data was taken) occurring in 2013 through 2016, as well as to data security intrusions (malicious actors got into system but no data appears to have been taken) occurring from, at least, January to April 2012 (collectively the “Data Breaches”). If you received a notice about the Data Breaches, or if you had a Yahoo account at any time between January 1, 2012, and December 31, 2016, and are a resident of the United States or Israel, you are a “Settlement Class Member.”
The settlement set aside $117.5 million for up to 194 million people according to Ars Technica’s article. Afflicted individuals who had out of cash pocket expenses related to their identity theft can claim up to USD 20,000.00. It all depends on the total money divided by the claims. Like the Equifax deal, if you can prove you have a credit monitoring or identity theft service with 12 months of coverage you can opt for a cash payout option of $100. But if there are more claimants than money in the pool you’ll get less or possibly nothing. If you opt for cash, you can receive up to $358.80. The identity theft insurance covers $1,000,000 to identity fraud insurance coverage for one year. You can read the excruciating details here and or submit your claim on the settlement site.