“Yahoo must pay $50 million in damages to victims of one of the largest data breaches on record. On Monday, a settlement was filed with the United States District Court in California which laid to rest the two-year-old lawsuit. Yahoo has agreed to pay $50 million in compensation to victims of the security breach, estimated to be roughly 200 million individuals. In addition, the tech giant will provide a minimum of two years of free credit monitoring to those involved.
The settlement relates to two separate breaches, taking place in 2013 and 2014. The first data breach impacted all of Yahoo’s three billion accounts. The company said at the time that the theft of source code permitted attackers to access an account at will, even though passwords were not stored in plain text. In the second cyberattack, the firm said 500 million accounts were affected and compromised by a ‘state actor’ who stole user credentials. Names, email addresses, telephone numbers, dates of birth, hashed passwords, and — in some cases — encrypted or unencrypted security questions and answers were exposed.”
Source: Yahoo agrees to pay $50 million to settle data breach lawsuit | ZDNet