As The Register reports, Yahoo is being sued after disclosing that hackers stole at least 500 million user records two years ago:
Two Yahoo! users in San Diego, California, filed on Friday a class-action claim against the troubled web biz: Yahoo! is accused of failing to take due care of sensitive information under the Unfair Competition Act and the state’s Consumer Legal Remedies Act, plus negligence for its poor security, and breaking the Federal Stored Communications Act.
The stolen Yahoo! database includes people’s names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers about their personal lives.
You can check out a PDF version of the class action complaint here.
No doubt this won’t be the last legal action against Yahoo following its confirmation that it suffered such a damaging attack.
Questions will no doubt be asked as to whether Yahoo could have done more to protect itself in the first place, why it didn’t notice it had suffered a data breach sooner, and what has made the company conclude that its attackers were “state-sponsored”.
Meanwhile Yahoo users who believe they have been wronged will have to put together a convincing case that they have suffered a financial loss a direct result of the hack.
This could take a while…