The settlement proposal by Yahoo over some of the largest data breaches has been rejected by the US court. Mass tort litigation was brought against Yahoo after the company failed to report two major data breaches in 2014 and 2016. The breaches compromised the data security of over 3 billion users. According to Reuters, the company would pay a compensation of $50 millionto around 200 million people in the United States and Israel. Also, Yahoo would provide them with two years of free credit monitoring services.
Reportedly, the company had never revealedthe cost of the credit monitoring services or the exact amount of the settlement fund.Lucy Koh,a judge at the US district court rejected the settlement proposal overthe same grounds.“The proposed notice does not disclose the costs of credit monitoring services or costs for class notice and settlement administration, and does not disclose the total size of the settlement fund,”Koh wrote in the ruling. “Without knowing the total size of the settlement fund, class members cannot assess the reasonableness of the settlement.”
Yahoo hadmanaged to keep the scope of the breaches confidentialuntil July 2016 when it decided to sell its internet business to Verizon, an American telecommunications company for $4.83 billion.
The company’s recordof lack of transparency regarding the data breaches isunlawfulas explained by the judge.