Yahoo Agrees To $50M Settlement For 2013 Hack.
One of the biggest data breaches of all time reached something of a conclusion Tuesday. Yahoo agreed to a settlement in which it would pay out a total of $50 million to those affected by the company's massive 2013 hack, (https://techcrunch.com/2018/10/23/yahoo-agrees-50m-settlement-package/) according to TechCrunch.
If approved, Yahoo will pay out the money to victims of the hack in the U.S. and Israel as compensation for having their information stolen. Though roughly 3 billion Yahoo accounts were compromised by the attack, the money will only go to the 200 million who reside in the two countries.
Though the attack took place in 2013, Yahoo did not report it to the public until more than three years later, at the end of 2016. (http://ibtimes.com/yahoo-massive-data-breach-1-billion-accounts-affected-stolen-names-email-addresses-2460671) At the time , Yahoo estimated that only 1 billion email accounts were involved and blamed the attack on an unspecified "state-sponsored actor." This was just a few months after Yahoo reported a different, smaller data breach that affected 500 million users.
However, in 2017, Yahoo's new parent company Verizon reported that the attack was significantly larger than previously reported. More than 3 billion accounts were hacked, triple the size of Yahoo's initial estimate. Usernames, passwords, birthdays and telephone numbers belonging to some of the users were compromised.
If an attack of that magnitude happened today, Yahoo may have had to report it much faster than it did. Europe's new General Data Protection Regulation (GDPR) (https://gdpr-info.eu/art-34-gdpr/) requires data holders to report attacks to authorities within 72 hours of detection, and to "data subjects" without "undue delay." There are exceptions to the latter clause, depending on the severity of the attack.
The settlement will theoretically put an end to the lawsuit Yahoo faced after the attack. Yahoo and Verizon tried on multiple occasions to have some or all of the suit thrown out, but U.S. District Judge Lucy Koh (http://ibtimes.com/yahoo-data-breach-judge-rules-users-can-sue-company-over-hack-2661934) kept it alive . Koh will decide whether or not to approve Yahoo's proposed settlement at a hearing on Nov. 29.
The Yahoo hack was (https://www.usatoday.com/story/tech/2017/10/03/biggest-data-breaches-and-hacks-all-time/729294001/) one of the largest in history , in terms of the number of users affected.