Yahoo to pay $50 million to victims of 2013 & 2014 data breach

Yahoo has agreed to pay $50 million to victims of 2013 and 2014 mega data breach case that has affected up to 200 million U.S consumers and three billion accounts worldwide.

In addition to this, the company will cover up to $35 million on lawyer fees related to the case and provide affected users in the U.S. with credit monitoring services for two years.

Small business can also claim back costs for losses that happened due to the hack including identity theft, delayed tax refunds and any other issues related to data loss at the hands of the breaches. Any individual who has paid for premium Yahoo email services can claim for a 25 percent refund.

Yahoo suffered huge damage when a security breach in 2013 affected 3 billion accounts and another breach in 2014, affected 500 million accounts. The parent company, Verizon, will pay half the settlement cost while Altaba, the remaining part of Yahoo will pay the other half.

Comments from Ankush Johar, Director at Infosec Ventures - an organisation that provides complete infrastructure security solutions for commercial and government clients of all sizes.

This proves how important it is for an organisation to maintain the security of their user’s data. Laws related to cybersecurity are becoming more aggressive, organisations like earlier, don’t have the option to choose a fine instead of an investment on cybersecurity as earlier the fines were cheaper but now the game has changed especially after reforms such as the GDPR which enforces a fine as a percentage of the company's global turnover.

Governments of other nations and especially the Indian government should take this as a lesson and pass similar reforms as the GDPR so that organisations in India are also made to improve their cybersecurity infrastructure because as of now, fines are not even close to this strict.

Comments from Prabesh Choudhary, Director at Cryptus Cyber Security Pvt Ltd, an organisation that provides Cyber Security Services, Corporate Trainings to the govt. & Private organisations

This was the largest attack in 2013. Hackers were able to get the credentials of users encrypted password as well of the 3 billion users followed by 500 million credentials next year. This incident turns the users to find out the alternate options like gmail,outlook etc. This was the worst attack ever on any mail providers.

Email breaches remain especially vexing to users, since they can reveal bank and family details as well as passwords that users share between systems or have received in their email accounts. Password-sharing has become so common that databases of login information are often used by hackers to test for email-and-password combinations on retailer websites like Walmart or Amazon. I have watched for years as the company appeared to fall far behind its peers in blocking spam and other email-based attacks

After this incidence took place Yahoo is notifying all the users affected and asking them to change their passwords. Yahoo owns assets far beyond its popular webmail service and its news site.