, ,

What does the US Yahoo data breach settlement mean for people in the UK?


In October 2019, a US class action settlement allowed Yahoo users to file a claim for compensation. Under this deal, anyone who had a Yahoo account between January 1st, 2012 and December 31st, 2016 became eligible to seek a payout from the fund. But the agreement only applies to residents of the United States or Israel. So, what does the US Yahoo data breach settlement mean for people in the UK?

Yahoo has been found guilty by the ICO

In June 2018, the UK’s Information Commissioner’s Office (ICO) fined Yahoo £250,000 after investigating failures at the company. In particular, the ICO focused on a Russian state-sponsored cyber-attack which resulted in the breach of 515,121 UK Yahoo accounts.

The ICO’s investigation found that:

  • Yahoo failed to ensure that its data processor complied with the appropriate data protection requirements
  • Yahoo failed to ensure that the credentials of employees with access to customer data were monitored
  • There was a lengthy period before the flaws which led to the breach were discovered or addressed.

In short, Yahoo failed to take appropriate measures to protect the data of its customers. And these inadequacies in data security had been in place for a long time.

According to an ICO spokesperson:

“The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised.”

The watchdog imposed a £250,000 fine on Yahoo. However, this represents less than 0.4% of Yahoo UK’s 2016 gross profit. So, you could argue that Yahoo got off very lightly.

Find out more about the ICO’s investigation into the Yahoo data breach.

You can still make a UK claim against Yahoo

At Hayes Connor Solicitors we are launching a group claim to help UK victims of the Yahoo data breach to claim the compensation they deserve.

According to the ICO, Yahoo has informed those affected. If you are concerned that your data was treated negligently by Yahoo, contact Hayes Connor Solicitors immediately. The settlement reached in the US and the result of the ICO’s investigation in the UK means that you could have a very strong case.


In the UK, you should join a representative action

A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm.

Representative actions tend to be used in straightforward mass data privacy scenarios. For example, where customers of a company have had their email addresses stolen and data privacy violated.

In representative actions, one member of the action will typically sue on behalf of themselves and the rest of the group. Once compensation has been agreed, each member of the representative action will receive the same amount.

One solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Hayes Connor will be appointed as the representative in many future actions – including the Yahoo data breach.

If you want to join our Yahoo UK Representative Action contact Hayes Connor Solicitors immediately. There are no costs to join our group action and there is no obligation to proceed.