User sues Yahoo for negligence over hacking
Yahoo Inc. was sued on Friday by a user who accused it of gross negligence over a massive 2014 hacking in which information was stolen from at least 500 million accounts.
The lawsuit was filed in the federal court in San Jose, California one day after Yahoo disclosed the hacking, unprecedented in size, by what it believed was a “state-sponsored actor.”
Ronald Schwartz, a New York resident, sued on behalf of all Yahoo users in the United States whose personal information was compromised. The lawsuit seeks class-action status and unspecified damages.
A Yahoo spokeswoman said the Sunnyvale, California-based company does not discuss pending litigation.
The attack could complicate chief executive Marissa Mayer’s effort to shore up the website’s flagging fortunes, two months after she agreed to a $4.8-billion sale of Yahoo’s internet business to Verizon Communications Inc.
Yahoo on Thursday said user information including names, email addresses, phone numbers, birth dates and encrypted passwords had been compromised in late 2014.
But the lawsuit suggested that the
breach might have been warded off had Yahoo, having been targeted by hackers before, lived up to its promise of taking user privacy “seriously” and bulked up its security measures.
It also faulted Yahoo for taking roughly three times longer than organizations typically need to uncover the breach.
Yahoo demonstrated “reckless disregard for the security of its users’ personal information that it promised to protect,” according to the complaint.
Schwartz is represented by two large US class-action specialists, the law firms Robbins Geller Rudman & Dowd and Labaton Sucharow.
The case is Schwartz v Yahoo Inc, US District Court, Northern District of California, No. 16-05456.
‘Change passwords’
In an e-mail sent by Yahoo, it advised its users of the data breach, outlining its extent and what it is currently doing to address the matter.
“We are asking potentially affected users to promptly change their passwords and adopt alternate means of account verification. We invalidated unencrypted security questions and answers so they cannot be used to access an account,” said Yahoo.
“We continue to enhance our systems that detect and prevent unauthorized access to user accounts. We are working closely with law enforcement on this matter,” it said.
Users should be cautious of any unsolicited communications that ask for their personal information or refer them to a web page asking for personal information.
“Avoid clicking on links or downloading attachments from suspicious emails,” it further said.