, ,

Can you make a data breach claim against Yahoo?

hayes connor solicitors

Yahoo has been fined £250,000 after 515,000 UK accounts were compromised. This comes following a sophisticated and persistent attack in 2014. The data protection hack led to user’s names, email addresses, telephone numbers, passwords and security information being stolen by cybercriminals.

Following the fine by the Information Commissioner’s Office (ICO), those affected should now consider a data breach claim against Yahoo.

What happened in this case?

In 2014, a Russian state-sponsored cyber-attack resulted in personal data being stolen from over 500m Yahoo user accounts worldwide. Despite evidence that the firm knew about the hack soon after it happened, the data breach wasn’t reported until September 2016.

What was the result of the investigation?

The investigation focused on UK accounts that were co-branded Sky and Yahoo, and which the London-based branch of Yahoo had responsibility for.

Following its inquiry, the ICO found that Yahoo had “failed to prevent” the hack. The ICO also condemned “inadequacies” that had been in place at Yahoo for some time without being “discovered or addressed”.

The investigation also found that:

  • The firm failed to ensure that its data processor complied with the appropriate data protection requirements
  • The firm failed to ensure that the credentials of employees with access to customer data were monitored
  • There was a lengthy period before the flaws which led to the breach were discovered or addressed

According to an ICO spokesperson:

“The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised.”

As a result, the watchdog imposed a £250,000 fine. However, this represents less than 0.4% of Yahoo UK’s 2016 gross profit.

What can you do?

The ICO has said that cyber-attacks are a fact of life, and that companies have to make it as difficult as possible for them to get in. That it is “no good locking the door if you leave the key under the mat.”

But, while the ICO has the power to impose fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. However, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

What’s more, it doesn’t matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

According to the ICO, Yahoo has informed those affected. If you are concerned that your data was treated negligently by Yahoo, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

Following massive data breaches, companies often set aside funds to pay compensation, so you have nothing to lose.


With strict-time limits in place for making most compensation claims, it’s essential to act now.

1 reply

Trackbacks & Pingbacks

  1. […] Find out more about the ICO’s investigation into the Yahoo data breach. […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply