Yahoo Hack Victims Line Up To Get $100 (Or Less) For Historic Hack
from the timid-and-pointless dept
It seems like only yesterday that we learned of the historic hack of Yahoo, resulting in the leaked data of more than 500,000 subscribers. Granted, like most hack stories, it didn't take long before we learned that the impacted number of subscribers was far far larger, with in fact several different hacks resulting in the leaked data of roughly 3 billion potential users, or pretty much everybody that had ever used the service.
Granted like other similar hacks, the $117.5 million settlement "holding Yahoo accountable" didn't do anything of the sort. The settlement website has gone live, and is informing impacted users that they may be entitled to $100 as a result of the breach. Of course, just like the flimsy Equifax hack and settlement, users are also being told that they shouldn't actually expect to get that money depending on the number of folks interested in actually being compensated:
"Settlement Class Members are encouraged to submit a claim to receive a minimum of two years of future Credit Monitoring Services. If you already have Credit Monitoring Services, you may still sign up for this additional protection. Alternatively, if you verify that you already have a credit monitoring service that you will keep for at least one year, you may submit a claim for a cash payment of $100.00 instead of receiving Credit Monitoring Services through the Settlement. Payment for such a claim may be less than $100.00 or more (up to $358.80) depending on how many Settlement Class Members participate in the Settlement."
That $358 tally is never going to happen given people like free money. Much like the "historic" settlement in the Equifax case, users are being promised either free credit reporting software or a cash payout the settlement isn't robust enough to actually support. But as we've noted previously, credit reporting is largely a useless perk; it's already been given away free as the result of an endless series of previous similar hacks, and it's usually only included in these kinds of cases to give the illusion of a fatter pot, letting feckless regulators proclaim "record" settlements.
At least in this case, the Yahoo settlement makes it clear you probably won't be getting that full $100, something the Equifax settlement administrators and the FTC only revealed after the fact while proclaiming "surprise" at the number of people eager to be modestly compensated.
As it stands, the option to nab either worthless credit monitoring (or cash you probably won't actually see) is available to US or Israeli residents who had a free Yahoo account at any time between January 1, 2012 and December 31, 2016. Like the Equifax settlement users may also be eligible for up to $25,000 if they can prove the hack directly resulted in financial harm via identity theft (no easy feat). The settlement is still pending final approval, but impacted users must make their claim for free credit monitoring or a cash payout by July 20, 2020.
Ultimately, no matter how many times regulators proclaim these kinds of settlements involve "record" financial tallies, they're doing little to nothing to either aid users, or hold companies accountable for making securing private user data an afterthought.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: class action, data breaches, hacks, payments, settlements
Companies: yahoo
Reader Comments
Subscribe: RSS
View by: Time | Thread
They're learning
They have learned one thing from the EquiFax kerfuffle - to request the money, you have to prove you already have credit monitoring covering at least the next year.
[ link to this | view in thread ]
So, if you are 90 plus years old, which makes getting a loan unlikely, and have no credit monitoring because you do not need it, you have to take something that has no value to you, rather than try for some cash.
[ link to this | view in thread ]
Re: They're learning
Since you're not going to be getting any money out of Equifax, you may as well sign up for their free credit monitoring, then use that to get money out of Yahoo.
[ link to this | view in thread ]
Re:
You don't have to take the credit monitoring. But even if you don't need it, you can claim it from some other settlement just so you can ask Yahoo for the cash.
[ link to this | view in thread ]
$117.5 million divided by 3 billion...
is like, what, 3.9 cents each? Oh yeah, that'll teach Yahoo a lesson!
[ link to this | view in thread ]
Payment for such a claim may be less than $100.00 or more (up to $358.80)
So... anywhere between $0 and $358.80, tending toward $0.
[ link to this | view in thread ]
"That $358 tally is never going to happen given people like free money."
Free money? I think they've already paid a hefty price for that money.
And I think that your personal data is worth more than 100 USD, tbh. In fact, a breach like this should bankrupt Yahoo itself, and even bring legal responsibilities on its management, administrators and why not, even their stake holders.
Limited responsibility shouldn't cover negligence, tbh.
[ link to this | view in thread ]