Judge rejects proposed settlement to Yahoo data breach lawsuit

A federal judge in San Jose, California, has rejected a proposed settlement that would put an end to the years-long lawsuit over the company’s 2016 disclosure that it had been hit by nation-state hackers that exposed hundreds of millions of accounts. US District Judge Lucy Koh, who has presided over many tech-related cases, including the Apple v. Samsung trial, lambasted Yahoo for its lack of transparency over how it has handled the aftermath of the breach. "Yahoo has not committed to any specific increases in budget for data security and has made only vague commitments as to specific business practices to improve data security," she wrote. "Yahoo’s history of nondisclosure and lack of transparency related to the data breaches are egregious. Unfortunately, the settlement agreement, proposed notice, motion for preliminary approval, and public and sealed supplemental filings continue this pattern of lack of transparency." The proposed settlement would have paid out $50 million to the affected users, plus two years of free credit monitoring for approximately 200 million people in the United States and Israel. Last year, Judge Koh approved a settlement over the Anthem data breach: the company agreed to pay $115 million to cover 79 million victims, who also received free credit monitoring even before the settlement was approved. In 2017, the company also disclosed that four years earlier, all of its accounts were compromised.