Recently Yahoo announced a huge data breach that exposed over 500 million users. Just one day after that incident, ambulance chasers filed a lawsuit against Yahoo.
This lawsuit was first reported by Fortune and it comes on the heels of Yahoo public statement in which they acknowledged that “someone” breached its servers back in 2014 and stole user information.
The company has put the blame on a “state-sponsored actor” and said they are still investigating the incident.
Ronald Schwartz from New York filed this lawsuit on behalf of all the Yahoo users and is now asking for class-action status. Schwartz is accusing Yahoo of a gross negligence.
Schwartz’s lawyers have filed the lawsuit in San Jose, California, which is one of the US states that has severe set of data breach rules, and also happens to be Yahoo’s native state.
Back in july Verizon announced that they would be buying some of Yahoo’s assets for a total sum of $4.8 billion. The transaction will take a little time to finalize and if the lawsuit becomes too costly, Verizon may have the legal loopholes to get out of their acquisition .
The acquisition took place before Yahoo received tips of a data breach in August when a hacker called Peace had put up 200 million user records on sale on a Dark Web marketplace.
According to Yahoo, that tip made the company investigate the breach, which turned out to be false but revealed the bigger breach later on.
Schwartz claims that Yahoo should have not waited almost two months to tell users about the breach. Yahoo may be cleared if the FBI was also called in to investigate and agency officials instructed the company to hold off notifying customers, as is their custom when investigating sensitive breaches. If not, the company is in hot water.
Ironically, on the same day Yahoo announced its 500-million mega breach, a UK judge sentenced a hacker to two years in prison for hacking Yahoo! Voice in 2012 and stealing and dumping personal details of over 450,000 users, the biggest data breach until then in Yahoo’s history.