Derek Borchardt and Craig A. Newman write:
In the first notable resolution of a data breach-related securities fraud case, a federal court has preliminarily approved Yahoo!’s $80 million settlement based on multiple hacking incidents. As we reported, Yahoo! suffered two cyber-attacks in 2013 and 2014, which compromised the personal information of billions of users. Yahoo!, however, did not publicly disclose the breaches until late 2016, which opened up the company to a slew of critics, including Congress.
The first securities fraud class action by a shareholder against Yahoo! was filed in January 2017. The case was later consolidated with another similar action. The shareholders alleged in their complaint (which was amended after consolidation) that Yahoo!’s public filings touted the company’s robust systems and procedures in place to guard against and respond to data security incidents, including a promise that the company would publicly disclose any breach soon after it was discovered.
Read more on Paterson Belknap Data Security Law Blog.