Yahoo Settlement Proposed for $117.5 Million

In 2013, Yahoo! Inc. announced what was at the time the largest data breach in history. Over 3 billion Yahoo accounts were exposed including security questions, emails and first and last names. Now, over 6 years later, a class action settlement has been proposed. The company will devote $117.5 million to services and reimbursements for those affected by the data breach.

The Yahoo settlement statement posted on their settlement claim website, stated that multiple breaches, starting in 2012 with “data security intrusions” and happening through 2016, occurred because “malicious actors” gained access to their systems and took personal information.

In addition to holding Yahoo accountable monetarily, the settlement statement says they will also, “enhance its business practices that will improve the security of its users’ personal information stored on its databases.”

What this Means for Victims

Residents of the United States who had a Yahoo account between 2012-2016 are eligible to receive benefits from the settlement. Understand that you will have to substantiate any real impact – financial or otherwise – in order to see any possible compensation from the settlement once it has been finalized by the court

The terms of the proposed settlement include offering all victims at minimum two years of credit monitoring, or reimbursement for those who can show proof they purchased these services out of pocket because of the data breach. Monetary reimbursement can vary in amount for each victim depending on the amount of claims filed, but is estimated to not exceed $100.

It will also pay victims back for expenses that include demonstrated losses, both in terms of dollars and time. For time spent trying to remediate the consequences of the data breach, victims will be offered $25 an hour for up to 15 hours of lost time. If victims cannot provide sufficient documentation for time lost, they will be compensated for only five hours. You will be required to provide documentation and may not be compensated for the entirety of what you are claiming.

Each breach victim can claim up to $25,000 for personal harm or reimbursement. Once again, you will have to provide proof with receipts or other listed documentation to substantiate your claim for the additional cash pay-out. Victims will not start receiving services or payments until the Yahoo settlement has been approved by the court, which may take longer than one year.

How to File a Claim for the Yahoo Settlement

Victims can file claims online or via mail before July 20, 2020. Claims can be filed to receive credit monitoring services or reimbursements for cost or time, paid user accounts and small business services. To file a claim, read the instructions Yahoo provides for each type here.

Opt-Out of the Yahoo Settlement

If victims choose, they can opt-out of the settlement by March 6, 2020. By excluding themselves from the settlement, victims retain their right to sue Yahoo on their own. If victims choose to neither file a claim nor opt out, after the settlement is finalized they will not be eligible for services or reimbursements and cannot sue Yahoo on their own.

What This Means for Victims of Data Breach

In the advent of the Equifax settlement process, the consumer is held responsible to bear the burden of proof that they were impacted by a data breach is clearly becoming the status quo.

“We counsel victims that they need to document everything that they do to remediate their cases, but now the onus is on each victim to prove that they were impacted,” said Eva Velasquez, ITRC’s president and CEO. “In a day and age when we know that our data is being used as a black-market commodity in perpetuity, holding the consumer responsible for proving that they were impacted between the time of the settlement and the breach just is short-sighted. ‘Malicious actors’ are watching all of the fall-out just as everyone else does and leveraging that intelligence just as any day-trader might leverage intel on a hot stock. These settlements don’t take into consideration the long term ramifications of every record that is compromised in a breach. The impact may not be truly realized for decades.”


About the Identity Theft Resource Center®

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live chat feature and ID Theft Help app. For more information, visit:

Identity Theft Resource Center
Charity Lacey
VP of Communications
O: 858-634-6390