The folks behind the largest known hack of user data to date are finally paying up. Yahoo, now owned by Verizon, recently agreed to pay $117.5 million as part of a proposed class action settlement stemming from a series of breaches in the 2010s that affected 3 billion people—basically Yahoo’s then-entire user base.
If you had a Yahoo account during that time, you might have already received an email this week telling you all this, along with the fact that you may be eligible for free credit monitoring or up to $100 as recompense for that whole to-do. The deadline for claims is July 20. The question now, as you may be asking yourself, is how does one cash in on Yahoo’s apology?
Any U.S. resident who had an account between Jan. 1, 2012 and Dec. 31, 2016 is eligible to submit a claim here for either two years of free credit monitoring through AllClear ID or “alternative compensation”: cold, hard cash of up to $100 if you show you already have credit services. Individuals can also file claims through the mail and online for any out-of-pocket costs tied to these breaches. Users that can document specific losses suffered because of these hacks are eligible to receive reimbursement up to $25,000.
Though that $100 depends on how many eligible users actually enter claims. It could go as high as $358.80 if most folks opt to do nothing, or it could drop down to a few dollars if even just a third of the 194 million potential class-action lawsuit members file a claim.
Not that anyone could blame them, what with the sting of Equifax’s breach still fresh on a lot of our minds. Instead of the $125 windfall most victims originally expected, an absolute pittance for exposing the data of nearly 150 million people, the Federal Trade Commission issued a warning that each claimant in Equifax’s case would likely only get “a small amount of money” if more people didn’t opt for free credit monitoring instead. And who wouldn’t want free credit services—compiled from three national credit agencies that include, oh yeah that’s right, the very company that screwed up in the first place!
But even Equifax’s breach pales in comparison to Yahoo’s fuck-up history. Hackers, likely state-sponsored, made off with credentials for all 3 billion Yahoo accounts in 2013, though the company didn’t disclose the breach—along with a separate incident in 2014 that affected 400 million accounts—until 2016. The Securities and Exchange Commission ultimately hit Yahoo with a $35 million fine for its failure to quickly inform users that their information might have been stolen. Even still, it took another full year before the full extent of that first breach became known; Yahoo’s original estimates had the number of victims at 1 million. A final hearing on Yahoo’s settlement’s scheduled for April.