Yahoo will have to pay $50 million in damages as part of an agreement after the massive data breaches that took place in 2013 and 2014. The first violation affected three billion accounts, while the second affected 500 million accounts, none of which was revealed until 2016. The information usurped included passwords that were encrypted but could be deciphered.
The $50 million fund will compensate affected account holders with $25 for each hour dedicated to dealing with the consequences of the breach. Those with documented losses can claim up to $375, while those without records of their losses can request up to $125. Account holders who paid for a premium account will also be eligible for a 25% refund. The company will also have to pay for at least two years of credit monitoring services for some 200 million users who were robbed of personal information.
Yahoo revealed the data breaches in 2016, after it had already negotiated a $4.83 billion deal to sell its digital services to Verizon Communications (which then dropped to $350 million as a result of reputation damage derived from the violation). Verizon will now be responsible for half the settlement cost, while the other half will be paid by Altaba Inc., the company established to maintain Yahoo investments in Asian companies after the sale. Altaba has already paid a fine of $35 million imposed by the Securities and Exchange Commission for the delay of Yahoo in disclosing the breach to investors so, this resolution, which will be issued by a judge on November 29, is proving to be one of the largest, and most expensive data breaches in history.