Just two days after Yahoo! admitted that hackers had stolen its database of at least 500 million accounts, two users in San Diego, California, filed the first class-action lawsuit against the company.
Thanks to the break-in, the hackers now have millions of people’s personal information, including their names, email addresses, security questions (encrypted and unencrypted), telephone numbers, hashed passwords and dates of birth.
The lawsuit accuses Yahoo! of negligence regarding its poor security, failing to take due care of sensitive information and flouting the Federal Stored Communications Act.
Hundreds of more cases are expected
David Casey, the plaintiffs’ lawyer, believes that hundreds of cases will be filed against Yahoo!. “There’s a sense of violation,” he told The Register. “We think they breached their duty of trust to the clients and violated privacy laws.”
According to Mr Casey, one client has noticed unusual activity on his credit card since the attack, and the other is worried the hackers have viewed their financial and tax information.
The security breach, for which state-sponsored hackers have been blamed, actually occurred back in 2014, meaning Yahoo!’s users were unaware their information had been leaked for two years. Yahoo! is accused of failing to detect the attack and inform their users sooner.
Potentially, this lawsuit could cost Yahoo! millions, not only because it will likely have to pay out some form of compensation to some of its users, but because Verizon, which wants to acquire the company, is expected to reduce its bid. Back in July, Verizon was prepared to purchase Yahoo! for $4.8 billion – this figure is likely to be dramatically lowered.
Furthermore, it’s possible that Yahoo! will be hit with lawsuits in other countries too, since its user-base is a worldwide.