Yahoo Data Breach Leads to Losses, Lawsuits

Yahoo Data Breach Leads to Losses, Lawsuits Being Filed
Yahoo Data Breach Leads to Losses, Lawsuits Being Filed

Yahoo Facing Scores of Lawsuits

Yahoo is now facing scores of class action lawsuits, including one brought by a small business owner in Texas over allegations that the business owner’s identity, website information, and online advertising—which are handled through Yahoo—were compromised during two large data breaches that were revealed in 2015.

Specifically, the small business owner alleges that Yahoo and its subsidiary, Aabaco Small Business LLC, breached its contract, negligently permitting hackers to access data on one billion Yahoo users when the two breaches occurred. This lawsuit was filed in California federal court, according to allegations, which also include that Yahoo neglected to protect the so-called “treasure trove” of personal data the plaintiff provided to the company for the purpose of setting up and paying for an account in 2009. The alleged data theft led to numerous fraudulent bank account charges and an unauthorized card that was opened in his name.In September 2015, Yahoo announced that, in late 2014, data from 500 million accounts were stolen. That Yahoo data breach was believed to be the largest in history; however, in December 2016, Yahoo announced that, in 2013, hackers stole account data for one billion of its users in 2013. Although the business owner alleges Yahoo claims the data taken only involved email addresses and passwords and not bank account information, it remains unknown if Yahoo’s descriptions of the magnitude of the breaches are accurate. “Given that more than three years elapsed before Yahoo disclosed the 2013 data breach and more than two years passed before Yahoo disclosed the 2014 data breach,” the plaintiff “is rightfully skeptical of Yahoo’s self-serving statements,” the complaint indicates.

Allegedly, as well as paying Yahoo thousands of dollars “for services that subjected him to a security breach,” the plaintiff was victimized by actual identity theft due to either or both hacks. The complaint also indicated that the plaintiff incurred fraudulent charges on one credit card and one debit card, which were both on file with Yahoo to pay for the website services. The complaint also alleges that the plaintiff only provided Yahoo with that specific information on the one debit and one credit card. The lawsuit alleges that, along with the fraudulent charges, an unauthorized credit card was opened in the plaintiff’s name with charges made to that account, as well.

The complaint includes claims for breach of contract, breach of implied contract, negligence, fraudulent and negligent inducement, and violations of California’s Unfair Competition Law. The lawsuit is filed in the U.S. District Court for the Northern District of California.

The product liability attorneys at Parker Waichman LLP have decades of experience representing consumers in class action lawsuits. The firm continues to offer free legal consultations to individuals with questions about filing a data breach class action lawsuit.

Yahoo Data Breach Background

Yahoo disclosed two enormous data breaches 2016. In September 2016, Yahoo indicated that hackers stole data from 500 million users in 2014. In December 2016, Yahoo indicated that over one billion accounts were hacked in a different cyber attack in 2013. The Securities and Exchange Commission (SEC) is reviewing the issues, according to

In February 2017, another Yahoo data breach—the third in a few months—was revealed. Yahoo claims that the third disclosure is not new and was disclosed in October 2015; however, Yahoo simply mentioned the breach in a SEC filing that most people had likely not read. What’s more is that this was an atypical breach. indicated that hackers did not just access servers and steal data. In this case, hackers penetrated accounts without ever accessing passwords. While Yahoo disclosed a cyber attack in 2016, it only just revealed that 32 million accounts might have been impacted. The two prior Yahoo attacks impacted more than one billion Yahoo attacks. According to Reuters the newest disclosures were made in Yahoo’s latest SEC 10-K filing

“In November and December 2016, we disclosed that our outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password,” Yahoo wrote. “Based on the investigation, we believe an unauthorized third party accessed the company’s proprietary code to learn how to forge certain cookies. The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken in 2015 and 2016,” Yahoo continued. “We believe that some of this activity is connected to the same state-sponsored actor believed to be responsible for the 2014 Security Incident.

The forged cookies have been invalidated by the Company so they cannot be used to access user accounts,” Yahoo added. According to, the cookies have purportedly been invalidated so that they may not be used to access user accounts. Forged cookies permit an intruder to access a user’s account without a password.

In 2014 a data breach was disclosed in September and affected more than 500 million user accounts starting with late 2014. The 2013 security incident was disclosed in December and impacted more than one billion accounts. According to what Yahoo disclosed, to date, 43 consumer class action lawsuits have been filed due to the various data breaches, reported.

Yahoo Data Breach Leads to Losses, Lawsuits Being Filed
Yahoo Data Breach Leads to Losses, Lawsuits Being Filed

The data breaches led to Yahoo holding back its 2016 cash bonus award for Chief Executive Officer (CEO), Marissa Mayer. Ms. Mayer also offered to pass on any 2017 annual equity award. The breaches also directly impacted the Verizon deal. While the purchase will continue, Verizon dropped the offer to $4.48 billion, down by $350 million. Ms. Mayer wrote: “When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies. However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016.”

According to The Associated Press, “Yahoo’s handling and disclosure of the breaches is also under investigation by the Securities and Exchange Commission and the Federal Trade Commission. The Sunnyvale, California, company says it has spent $16 million investigating the breaches and covering the legal expenses so far.”

Filing a Class Action Lawsuit

If you or someone you know is interested in filing a class action lawsuit, contact Parker Waichman today. Our experienced product liability attorneys offer free, no-obligation case evaluations. For more information, fill out our online form or call 1-800-YOURLAWYER (1-800-968-7529).