A US district judge Lucy Hoh has recently ruled that victims of Yahoo’s 1B data breach can sue the company.
The data breach exposed over 1 million user accounts and occurred from 2013 to 2016. Victims could be at risk of future identity theft and loss of value of their personally identifiable information or PII.
The case of Yahoo! INC. customer data security breach litigation, in a 93-page decision, the judge L. Koh revealed the number of potential consumers affected by the multiple breaches.
Even though the data breach size is huge, Yahoo took a relatively long time to discover the problem. Cybersecurity expert and CEO at IP Architects, John Pironti, reported that Yahoo should take responsibility for its slow response.
Individuals should have a reasonable expectation that their personal information will be properly protected by the organizations they provide it to and also to be notified immediately upon verification of a breach if their data has been compromised.
Yahoo had announced that victims of its data breach did not have the standing to sue. In contrast, the judge has ruled that victims can sue the company for potentially “risk of future identity theft” as well as “loss of value of PII”.
In addition, the judge referenced Adobe Systems, INC privacy litigation, 2014, when Adobe Systems suffered a data breach and provided plaintiffs to sue because of their exposed PII. Remijas vs Neiman Marcus Group also was mentioned in the Yahoo litigation.
The majority of plaintiffs have alleged financial damages, including an increase of the protection against potential future threats, while others mentioned that the data breach forced them to change passwords and cancel accounts.
According to J. Pironti, it is important for users and victims to have an ability to sue Yahoo for potential threats because it could be a great example and “concerning legal precedent” for possible future breaches.
If there is no negative consequence for a data breach, organizations may feel more comfortable taking risks with personally identifiable information they collect about individuals they interact with. This ultimately could result in the relaxing of security controls and requirements which would most likely lead to an increase in data breaches and open the door for less capable and sophisticated adversaries to carry out malicious attacks on system and data.
In addition, Yahoo! INC. sale price relatively decreased by $350 million because of the data breach.