Securities class action lawsuit arrives for Yahoo

In the wake of two high-profile data breaches, the web giant Yahoo has been served with a securities class action suit alleging the company made a number of false or misleading statements.  To learn more about this case, visit Battea’s Yahoo case summary.

The suit, filed in the District Court for the Northern District of California, specifically alleges that the company misled investors or failed to disclose that it did not sufficiently encrypt users’ personal data, or did not keep its encryption efforts up to date with industry standards, and that as a result the personal information for some 1 billion accounts was exposed in a breach and was vulnerable to theft. The suit further alleges that the extent of the breach and its potential hazards for users also made it less likely for people to continue using its websites and online services.

The suit has a class period from Nov. 12, 2013, to Dec. 14, 2016.

Yahoo's class action suit stems from two major data breaches.Yahoo’s class action suit stems from two major data breaches.

What happened
In September of last year, Yahoo announced that it had been hit with a data breach in 2014 that exposed about 500 million accounts, and then just a few months later, revealed it had been rocked by an even larger one in 2013, exposing 1 billion accounts, according to a report from The New York Times. The latter attack exposed plenty of sensitive information for a wide variety of users, potentially including their names, phone numbers, dates of birth, passwords and security questions that could be used to reset passwords. Only the passwords were encrypted.

A number of lingering issues remained, including how many of the affected accounts were exposed in both attacks, and how many of them were for inactive users, the report said. For its part, Yahoo further noted that it believes the smaller 2014 attack had been state-sponsored by an unnamed foreign government, and led to the theft of the company’s proprietary source code. However, security experts showed significant concern that it took more than three years for the company to even discover the 2013 attack, especially at a time when many other big-name web firms have invested heavily in security.

In the meantime, Yahoo is asking affected users to change their passwords and also sign up for a new service called Yahoo Account Key, which allows users to log into Yahoo accounts using codes sent to their mobile devices, the report said.

The impact on Yahoo’s stock price
Over the course of the class period, Yahoo’s stock price fluctuated significantly. At the start of this period of more than three years, the stock was trading at a little less than $35 per share. About a year later, that number climbed to north of $50 per share – the highest point of the class period by far – before falling to a low of about $27 per share in early 2016. Just before the second breach was announced, the stock traded at nearly $42 per share, but that number fell to less than $39 in the wake of the announcement.

Today, Yahoo’s stock is trading at about $45 per share.

For more information on this case or other class action litigations, please contact Sam Wankel, Senior Vice President, Research, Battea Global Litigation Research, Inc., at 203-987-4949 or info@battea.com.