- Yahoo has agree to pay damages of $117.5 million to users in US and Israel
- Eligible users can file a claim to be reimbursed for hack-related expenses
- An online administrator page has been established to help determine eligibility
Yahoo has agreed to settle a class action lawsuit and pay damages of $117.5 million for faulty security measures.
Yahoo has set up an online administrator service to help users determine whether they’re eligible to file a claim.
If you had a Yahoo account between 2012 and 2016 you may be eligible for damage payment resulting from a class-action lawsuit filed against the tech giant.
Some users will be eligible for credit monitoring and identity recovery assistant services from AllClearID, paid for by Yahoo.
Others will be eligible for a cash payment of up to $358.80 to reimburse for credit monitoring services paid out of pocket.
Scroll down for video
Yahoo recently reached a settlement in a class action lawsuit filed as a result of the privacy breach and agreed to pay $117.5 million in damages to residents of the US or Israel.
To be eligible for damages, users will have to have either owned a Yahoo account between January 1, 2012 and December 31, 2016, or been sent a notice of data breach from Yahoo between 2016 and 2017.
For those uncertain as to whether they qualify, an administrator website has been established with a contact form for individual queries.
There are several different criteria used to determine damages.
On at least three instances between 2012 and 2016, hackers breached Yahoo’s security measures and gained access to private information connected to its more than 3 billion accounts.
Hackers obtained access to names, email addresses, telephone numbers, calendars, passwords, and a range of other personal information.
People whose identities were stolen and incurred direct expenses as a result will be eligible for reimbursements of up to $25,000.
Those who paid for premium Yahoo accounts or Yahoo Small Business User services can apply for up to a 25 percent refund of subscription fees.
The deadline for submitting a claim form is July 20, 2020.
In May, a Reuters investigation found that Russia’s criminal underworld is trading hundreds of millions of stolen usernames and passwords belonging to Yahoo, Gmail and Hotmail accounts.
According to Alex Holden, founder and chief information security officer of Wisconsin-based Hold Security, the details of 272.3million stolen accounts are now being traded.
Of this batch, Yahoo Mail credentials totaled 40million, or 15 per cent of the haul.
They are separate from this hack, however, which in August was revealed to have provided hacker ‘Peace’ with the credentials of 200million Yahoo accounts, which he was offering on the dark web for just 3 bitcoins – roughly $1,860.
And now Yahoo is saying that 500million accounts, and their attached email addresses, personal information and hashed passwords, were compromised.
That puts the beleaguered tech company at the top of the unhappy league table of hacking victims.
According to Graphiq, Yahoo is comfortably – or uncomfortably – ahead of a 2007 hack that compromised the credit and debit card details of 94million customers of TJX Companies, which owns TJ/TK Maxx and other off-price retailers.
Just beneath is AOL, which lost 92million screen names and emails to an employee in 2004. That employee then sold the data to spammers, who used them to send 7billion unsolicited emails.
More recently, JP Morgan Chase became the worst-hit US banking company ever in 2014, with 83million records compromised.
They are followed by Anthem, Inc (2013, 80million customers’ personal details, social security numbers and healthcare ID numbers compromised); Target (2014, 40million shoppers’ card details breached); and Home Depot (2014, 56million credit card accounts hacked).