US federal judge, setting a new benchmark in data breach cases, asked Yahoo to face the lawsuit in the federal securities class action suit filed by the shareholders.
Yahoo, which sold its internet business to Verizon Communications Inc., filed a bid in the court seeking dismissal of all the petitions filed by the shareholders demanding compensation for losses caused by share price decline.
While demanding dismissal, Yahoo argued that it had long been the target of “relentless criminal attacks”, and complainants’ “20/20 hindsight” had not affected Yahoo’s efforts to eliminate “constantly evolving security threats”
However, Judge Lucy Koh ruled against the argument and said, “Plaintiffs’ allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System,”, quotes SeekingAlpha.
There were many claims made by the prosecution, including contract breach and negligence. All of them were sought to be dismissed by Verizon Inc. However, Verizon found itself in the soup after Plaintiffs’ amended the complaint once Yahoo accepted that all 3 billion user data on the service were affected severely.
The complainants’ pointed out that the Yahoo’s liability terms were “unconscionable” since Yahoo was aware of these vulnerabilities in its security system and did nothing to improve the security.
Meanwhile, Yahoo, in its defense brought out the fact that the US government charged two Russian agents and two hackers of sabotage and identity theft of 500 million accounts. In the same case, a Kazakh citizen was held, who later pleaded guilty.
Yahoo suffered a setback and therefore sold the business to the Verizon Communications at a very cheap price offering a discount worth $350 million.
One of the reasons why ruling went against Yahoo is Yahoo took almost 4 years to reveal the truth about the data breach, which, according to judge, is a serious breach of contract and risking identity as well as assets of the shareholders.
The judgment said, “the plaintiffs recognize and acknowledge the expense and length of continued proceedings necessary to prosecute this action against defendants, such as opposing the second motion to dismiss and, potentially a motion for class certification, motions for summary judgment, trial, and appeals.”
In the meantime, Yahoo expressed its willingness to settle the suit by paying $80m to shareholders. However, the settlement should get approval from the court, which seems impossible in the wake of the fact that one of the plaintiffs kept himself away from the settlement.
The judgment is one of its kind; the first federal lawsuit against security breaches and identity theft. It is believed that more such lawsuits will follow the course because until now no serious consequences were ever meted out to the companies involved in such breach.