Network Security, Vulnerability Management

Yahoo slapped with class-action suit after breach


A Texas man has filed a class action lawsuit alleging that his credit card details were stolen from his Yahoo accounts and used for fraudulent purchases, according to a report on Silicon Beat.

The challenge for Yahoo is that following two massive data breaches, it claimed its investigations into the incursions indicated that no payment-card data or bank account information was taken. At least 500 million accounts were compromised in 2014 and more than a billion accounts in 2013.

Brian Neff, the owner of a Little Elm, Texas-based online insurance company, said in his suit that he was a customer of Yahoo's web hosting and email services.

In papers filed Feb. 8 in U.S. District Court in San Jose, Calif., the suit stated: “In addition to paying Yahoo thousands of dollars for services that subjected him to a security breach, Mr. Neff was also a victim of actual identity theft following the data breaches."

Despite a Yahoo statement that its investigation into the breaches indicated that no bank information was stolen in two breaches, Neff claimed that fraudulent charges showed up on his Capital One credit card and his Chase debit card, which he used with his Yahoo accounts. He said Yahoo was the only company linked to both cards.

The suit stated that fraudulent accounts were opened in 2015 in Neff's name and suspicious charges appeared on statements in May and June of last year.

“The probability that separate criminals stole card information from separate sources, stole the information necessary to open a new credit card account from a separate source, and made fraudulent charges on all three cards in the same month is staggeringly remote,” the lawsuit claimed.

While it has not yet been proven whether the data breaches at Yahoo led to the fraudulent activity on Neff's accounts, his suit blames Yahoo for failing to take reasonable measures to protect users' data, failing to prevent the data breaches, failing to notify users that Yahoo's data-security measures were inadequate, and failing to promptly disclose it had been hacked.

Yahoo's actions amounted to fraudulent and deceptive business practices, the suit stated.

Neff is asking for unspecified damages.

Yahoo has been hit with two dozen lawsuits following the breaches. A number of them have been lumped together into one case scheduled to be heard in federal court in San Jose.

Yahoo is in the midst of a $4.8 billion sale to Verizon. The fallout from the breaches are delaying the acquisition, with some reports indicating the deal might not go through, or the sale price will be adjusted.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.