Risk

3/8/2018
03:55 PM
50%
50%

Yahoo Agrees to $80 Million Settlement with Investors

Investors alleged that Yahoo intentionally misled them about its cybersecurity practices.

Yahoo has agreed to pay $80 million to settle a class action securities litigation brought against it by shareholders who alleged that the company intentionally misled them about its cybersecurity practices in the wake of massive data breaches in 2013 and 2014 that compromised the personal information of all 3 billion of Yahoo customers.

The 2013 breach was not reported until 2016, and the full extent of the damage was not known until October 2017, months after the investors' lawsuit was filed. The listed defendants are the company, and its CEO and CFO at the time of the events, Marissa Meyer and Kenneth Goldman, respectively. The settlement class includes all those who purchased or acquired Yahoo securities on the open market between April 30, 2013, and Dec. 14, 2016. 

The settlement must now be accepted by the court. 

A separate class action suit against Yahoo is also being brought by the victims of the breach whose personal data was exposed in the 2013 breach. The incidents forced Yahoo to trim $350 million off the original $4.83 billion asking price when it sold its main assets to Verizon in 2017. 

For more information, see here and here.

 

 

 

 

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
6 CISO Resolutions for 2019
Ericka Chickowski, Contributing Writer, Dark Reading,  12/10/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: New camera 2FA closed loop!
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20059
PUBLISHED: 2018-12-11
jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE.
CVE-2018-20056
PUBLISHED: 2018-12-11
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter.
CVE-2018-20057
PUBLISHED: 2018-12-11
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter.
CVE-2018-20058
PUBLISHED: 2018-12-11
In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634.
CVE-2018-20050
PUBLISHED: 2018-12-10
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.