Yahoo! Inc. was the target of a massive security breach in 2015 that affected almost 500 million users with longtime accounts. That dangerous hack provoked two lawsuits in California, where users alleged that the company did not adequately disclose the breach.

Data linked with 500 million user accounts was stolen and was kept “available” to identity theft since users were not aware that certain information was exposed. According to former employees in Yahoo, security was not a priority, and funding was redirected to other operations.

yahoo
Yahoo! Inc. has stated that over 500 million of their users have been hacked and their personal information has been stolen. Photo credit: The Washington Post

About the security breach

In the late 2014, security experts from Yahoo announced that their databases were the target of hacker attacks that exposed personal data of users including email addresses, birthdays and safety questions, making Yahoo users’ information vulnerable to hackers.

However, it seemed that the information compromised included not only that kind of personal data but also tax accounts, credit card information and other sensitive data that staff from Yahoo did not announce.

The late disclosure of the details of the breach -that has been the biggest hack in the history of Yahoo since compromised the largest amount of users in the recent history of hacks- raised questions among users affected, who initially did not understand why their tax accounts and credit cards were compromised.

What are they complaining about?

The complaint is mostly about the unusually extended period of time of time that Yahoo took to disclosure the full details about the breach since for almost two years users’ data was exposed without them knowing.

To users affected, Yahoo proved to be negligent not only protecting the information but also sharing the risks with the people exposed to identity theft and other dangerous situations. So far, two lawsuits were filed in California, but it seems that many other lawsuits will be submitted in the next few months.

Former employees of Yahoo also commented to local media that the priority of the company was mostly economic growth, so investment to strengthen security standards was little.

“We are committed to keeping our users secure, both by continuously striving to stay ahead of ever-evolving online threats and keeping our users and our platforms safe,” a Yahoo representative said in a statement published by local media in California.

Suzanne Philion, a spokeswoman for the company stated later that Yahoo would not comment on current litigations.

The risk of identity theft  

According to the Department of Justice, “identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.”

The internet is the most appealing place for criminals to obtain data, including banking information and identifying information, and this kind of attacks allow criminals to get a massive amount of information from thousands of possible victims.

The Department of Justice prosecutes cases linked to identity theft and fraud. However, the Yahoo case has raised private lawsuits against the company, considering it the responsible of the breach and accusing the company of the time of exposure of the hacked information.

The Bureau of Justice Statistics conducted a Survey in 2014 to determine the prevalence and nature of identity theft and found out that an estimated 17.6 million persons, which is the 7 percent of U.S. adult residents, were victims of at least one incident of identity theft in 2014.

The Federal Trade Commission, on the other hand, released a study about how victim’s information is misused once the criminal executes the identity theft. Almost 50 percent of cases end up in government documents or benefits fraud, 16 percent in credit card fraud and the rest in phone or utility fraud, bank fraud, loan fraud and employment-related fraud.

What to do if you are a victim?

If you were one of the victims in the Yahoo breach, the first thing security experts recommended is to change your password, security questions, and answers and make sure to provide enough safety strategies while making the passwords and responses.

The company asked all users to check their accounts and products associated with them to determine if there is any suspicious activity or unwanted changes in settings.  Using the two-factor authentication tool that Yahoo offers – Yahoo Account Key- can also help protect the existing information.

If the user already was a victim of identity theft, the immediate response should make the report both in the Yahoo Help Center and in the local authorities to initiate the corresponding investigation.

Source: CNN Money