YAHOO CUSTOMERS affected by the three massive data breaches that resulted in the theft of more than three billion users' data can sue the company, a judge has ruled.
The lawsuit accuses Yahoo and its owner Verizon, which bought the internet giant last year, of failing to properly disclose details of the 2014 hack, which exposed users to identity theft and forced them to spend extra money and time securing their personal information.
Yahoo first admitted in 2016 that it was hacked two years previously, claiming that 500 million users were affected by the breach. Later in the year, the company revealed it was hacked again - in 2013 - in a breach that saw one billion accounts targeted.
Yahoo later sheepishly admitted that all of its three billion users were affected by the 2013 breach.
Unsurprisingly, following the breach, Yahoo was targeted by a class-action lawsuit, and Verizon has since been attempting to throw out a large proportion of the claims including negligence and breach of contract.
Judge Lucy Koh (of Apple vs Samsung fame) on Friday rejected Verizon's bid, forcing the firm to defend the class action complaint filed by customers whose data was exposed in the 2014 megahack.
Judge Koh previously dismissed an earlier attempt by Yahoo to have the lawsuit thrown out, after the company claimed that the hacks it suffered were the result of advanced tactics by attackers rather than a failure of the company's security protocols.
The firm had argued that the breaches were "a triumph of criminal persistence" by a "veritable 'who's who' of cybercriminals," and said that no security system is foolproof.
Koh last week ruled that customers may have "taken measures to protect themselves had they known about the breaches sooner."
"Plaintiffs' allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System," Koh wrote.
Last year, the US Justice Department formally charged two Russian spies and two criminal hackers in connection with the 2014 hack on Yahoo that saw 500 million accounts compromised. µ
Give noisy sites the (Basil) brush off
Watchdog rules it prevented rivals from competing in online search
EU have a choice, EU know
Though not as wallet-busting as the Galaxy S10