Yahoo suffered two major data breaches of user accounts during the second half of 2016. The first announced breach, reported in September 2016, had occurred sometime in late 2014, and affected over 500 million users. A separate data breach, occurring earlier around August 2013, was reported in December 2016. Initially it was believed to have affected over 1 billion user accounts, but Yahoo later affirmed in October 2017 that all 3 billion of its user accounts were impacted. That’s every single user Yahoo had at the time.
Now the company is trying to pay just $117.5 million to settle these massive data breaches that compromised personal information, including email addresses and passwords. The proposed settlement was announced on Tuesday, but still needs to be approved by US District Judge Lucy Koh. This is the second settlement attempt after earlier this year the same judge said he wanted to see more benefits to consumers and a specific settlement amount.
In 2016, Verizon acquired Yahoo for $4.48 billion. The following year, Yahoo and AOL formed a new company under Verizon called Oath. It has since been rebranded to Verizon Media. “We believe that the settlement demonstrates our strong commitment to security,” a Verizon Media spokesperson told CNN Business. Since June 2017, Yahoo’s parent company has boosted its security budget, increased the number of employees in its information security group and enhanced training, policies and procedures related to security, according to court documents.