Ken Wolter / ShutterstockYahoo is close to reaching a $117.5 million settlement in a class-action lawsuit over a series of data breaches that affected users between 2012 and 2016 — and you’re likely eligible for your $100 cut or free credit monitoring if you had an account during that time.
The class-action lawsuit comes after several major data breaches or “data security intrusions” — essentially when a hacker got into the system but didn’t take any information — that plagued Yahoo over the course of several years. Yahoo sent out an email about the settlement on Wednesday, detailing all the of the breaches that happened over the years.
In 2012, two different hackers accessed Yahoo’s internal systems, but didn’t take anything. In 2013, “malicious actors” got into the company’s database and took records from all of Yahoo’s accounts — roughly 3 billion in all. The hackers behind that breach could have gotten into users’ email accounts, calendars, and contacts.
A data breach in 2014 involved Yahoo’s user database, where hackers were able to take the names, email addresses, telephone numbers, birthdays, passwords, and security questions and answers from about 500 million accounts.
While this is not nearly as big as the $700 million settlement that credit agency Equifax agreed to for its 2017 data breach involving the personal information of about 147 million people, it’s still a substantial sum. Here’s what you need to know about the Yahoo data breach settlement.
What are your claim options for the Yahoo settlement?
Like other data breach settlements, you’re not just entitled to cash. Yahoo is offering two years of free credit-monitoring services to anyone who had a compromised account. If money sounds better to you, you can ask for a cash payment of $100 as long as you verify that you’ve already signed up for a credit-monitoring service. There are plenty of free credit-monitoring services online — including Credit Karma — that you can quickly sign up for if you choose this option.
There is, of course, a catch to all of this. The settlement is a set amount of $117.5 million, meaning there’s only so much cash to go around. If too many people sign up for the cash option, you’ll have to split the pool. That means you might sign up for a $100 settlement and end up actually receiving substantially less. The same thing happened with the Equifax settlement — leading the Federal Trade Commission (FTC) to recommend people not choose the cash option because it would likely be tiny.
Yahoo even warns users of that possibility on the claim website: “Payment for such a claim may be less than $100 or more (up to $358.80) depending on how many Settlement Class Members participate in the settlement,” the company wrote.
There are a few more options if the data breaches hit you more than most: If you had to spend time or money dealing with identity theft or other problems you believe stemmed from the hacks, you can file a claim for up to $25,000 in out-of-pocket losses. Small businesses and anyone who paid for premium Yahoo mail may also be eligible for additional compensation based on what they paid for those services.
How to claim your Yahoo data breach settlement
Anyone who had a Yahoo account between January 1, 2012, and December 31, 2016, and is a resident of the United States or Israel is eligible for the settlement. To file your claim, simply visit the claim website and fill out the claim form that’s relevant to you. For most people, that’s the basic account holder claim form.
If you only want the $100 claim or credit-monitoring services, you’ll just need your Yahoo username. If you want to make a bigger claim for lost time or out-of-pocket expenses due to the breach, you’ll need to upload supporting documentation, like receipts, account statements with unauthorized charges, or letters from the IRS.
The deadline to make a claim is July 20, 2020.