Although Yahoo was acquired by Verizon in 2017, a judge has ruled that the class action complaint filed by its former customers affected in the 2014 data breach will not be thrown out.
A motion by the web service provider's parent company Verizon to have the complaint thrown out of court has been denied by Judge Lucy Koh. However, the scope of the suit has been reduced as parts of it were dismissed.
Yahoo and its ownership group have been accused of failing to properly disclose and remedy the 2014 breach which led to the email accounts of three billion customers being exposed to hackers. The company withheld information about the breach until after it had been acquired by Verizon two years later in a deal that would see it bundled with AOL to form a new company called Oath.
According to Koh, parts of the complaint were able to hold up to scrutiny though the plaintiffs in the suit will now have to show that they actually suffered losses or damages as a result of the breach.
Of the sixteen motions to dismiss proposed by Yahoo, Koh granted six and denied 10 which will decrease the size of the plaintiff class considerably. However, now Oath will have to either defend Yahoo in court or pay out settlements to the affected parties.
Yahoo's poor handling of the 2014 data breach is still a perfect example of exactly what not to do when your organisation is infiltrated by a third-party.
Image Credit: 10 Face / Shutterstock