A US district judge has rejected Yahoo’s settlement offer for the largest data breach in history – and cited the case of an insurer as an example of how the tech company should have handled the situation.
Earlier this week, US District Judge Lucy Koh in San Jose, California rejected a proposed $50 million settlement by the tech company, saying that it should not call it “fundamentally fair, adequate and reasonable” because of a lack of transparency in showing how much victims can expect to recover.
Yahoo, which is now part of Verizon Communications, was accused of being too slow to disclose the three breaches from 2013 to 2016 that impacted an estimated three billion accounts, resulting in the theft of the personal information of millions of people, according to a Reuters report.
The judge contrasted the rejection with her approval of health insurer Anthem Inc’s $115 million settlement over data breaches affecting 78.8 million victims. According to Reuters, the judge said that Anthem disclosed the breaches quickly, offered free credit monitoring even before settling, and committed to upgrading its data security.
“Yahoo’s history of nondisclosure and lack of transparency related to the data breaches are egregious,” wrote Koh. “Unfortunately, the settlement agreement, proposed notice, motion for preliminary approval, and public and sealed supplemental filings continue this pattern of lack of transparency.”
Yahoo’s parent company Verizon told Reuters that, while disappointed, it was confident that it can achieve a viable path forward.
