Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages
our-team
practice-areas
investment-products

Investigations

Yahoo Data Breach Investigation

Personal Information of 500 Million Users Stolen

Goldman Scarlato & Penny is investigating a possible claim on behalf of all persons whose private information was compromised as a result of the Yahoo data breach.

On September 22, 2016, Yahoo announced that its electronic database was breached, compromising the personal information of 500 million users.  The Yahoo data breach occurred in 2014 and apparently went unnoticed for 2 years.  According to Yahoo, the stolen information may include names, email addresses, telephone numbers, dates of birth, and encrypted or unencrypted security questions and answers.  Someone in possession of this kind of information can make use of it to hack into other accounts maintained outside of Yahoo, including financial accounts.   Also, since many people use Yahoo as their primary email, messages in their Yahoo account may contain information used for setting or resetting passwords at other sensitive websites.

Yahoo claims that a foreign government was behind the Yahoo data breach.  Reports indicate that it is the largest data hack into one company’s network.  One cybersecurity expert described the attack as “massive,” and noting , “It will cause ripples online for years to come.”  Both the FBI and Yahoo are now investigating.

Reports indicate that Yahoo probably knew about the Yahoo data breach in August when a hacker claimed to be selling the private information of 200 million users.   U.S. Sen. Richard Blumenthal stated, “If Yahoo knew about the hack as early as August, and failed to coordinate with law enforcement, taking this long to confirm the breach is a blatant betrayal of their users’ trust.”   According to Blumenthal, the investigation should include “whether Yahoo may have concealed its knowledge of this breach in order to artificially bolster its valuation in its pending acquisition by Verizon.”

This is not the first time that Yahoo’s database has been attacked.  Six years ago, hackers from the Chinese military hacked into Yahoo’s computer systems.  But Yahoo’s response was unlike others at the time.  The NYT says Yahoo “was slower to invest in the kinds of defenses necessary to thwart sophisticated hackers that are now considered standard in Silicon Valley, according to half a dozen current and former company employees who participated in security discussions.”  In 2012, Yahoo’s new chief executive chose to focus on “a cleaner look for services like Yahoo Mail and developing new products over making security improvements,” according to the NYT.  A Yahoo spokesperson claims that in 2014 the company spent $10 million on encryption technology.  She said, “At Yahoo, we have a deep understanding of the threats facing our users and continuously strive to stay ahead of these threats to keep our users and our platforms secure.”

According to a vice president and analyst at Gartner Research, hackers sell bank account and credit card information.  But they also go after less obvious things such as points from hotels, airlines and video games.  They all have a value on the black market.

Yahoo urges users to change their password and security questions and to review their accounts for suspicious activity.

If you have shared personal information with Yahoo, or receive a notice from Yahoo that your personal information was compromised, of if you believe your private information has been compromised in the Yahoo data breach leading to identity theft, please contact a GSP attorney to learn more about your rights. GSP attorneys are actively litigating data breach actions against Anthem, 21st Century Oncology, Community Health Systems, Premera, Intuit, Medical Informatics, Excellus, United Shore and Target. Please contact Mark Goldman at goldman@lawgsp.com or call (484) 342-0700 with any questions you may have.  Please also check our websites:  www.lawgsp.com and www.anthemdataclassaction.com.

In our legal system, every person is innocent until and unless found guilty by a court of law or a tribunal. Whenever we reference “allegations” or charges that are “alleged,” such allegations or charges have not been proven, and are merely accusations, not findings of fault, as of the date of the blog. We do not have, nor do we undertake, a duty to continue to monitor or follow cases about which we report, and/or to publish subsequent updates regarding various developments that may occur in such cases. Readers are encouraged to conduct their own research regarding any such cases and any developments that may or may not have occurred in such cases. Also, the brokercheck report linked to some of our blogs is the up-to-date version as of the date of posting. Visitors may check the most recent version of each brokercheck report at www.finra.org.

Leave a Reply