Yahoo Breach Settlement: What You Need to Know

If you had a Yahoo account anytime in 2012 through 2016, a pending class action settlement likely affects you.

From 2013 through 2016, Yahoo experienced several cyberattacks in which hackers took login information, as well as other information, from account holders. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers. As a result, the hackers might have also gained access to the contents of breached Yahoo accounts, along with any private information within users’ emails, calendars, and contacts. (In 2012, hackers also gained access to the Yahoo system, but no data was apparently taken.)

Several class action lawsuits followed, with consumers arguing that Yahoo failed to properly protect personally identifying information, had inadequate data security, and delayed notifying potentially impacted individuals and small businesses of the breaches. Yahoo denied wrongdoing but agreed to a settlement on September 3, 2019. In the agreement, Yahoo agreed to pay $117.5 million to settle the suits regarding the 2012-2016 security breaches. (See In re Yahoo! Inc. Customer Data Security Breach Litigation, Case No. 5:16-MD-02752-LHK (N.D. Cal.)).

In this article, you’ll get details about the proposed settlement and learn what type of compensation class members can get once the court approves it.

Who’s a Class Member?

If you received a notice about the data breaches, or if you had a Yahoo account at any time between January 1, 2012 and December 31, 2016, and are a resident of the United States or Israel, you’re a settlement class member. Class members are entitled to make a claim under the settlement.

What You Can Get Under the Settlement

Below is a summary of the different forms of compensation that the settlement fund will provide once the court approves the agreement. (To get complete information, dates, and details on the benefits, go to the official settlement website at

Free Credit Monitoring or a Cash Payout

If you’re a class member, you can get:

  • a minimum of two years of credit monitoring services so you can watch for signs of identity theft (and you'll also get identity theft insurance in the amount of $1,000,000) or
  • a cash payment if you already have credit monitoring services in place.

The cash payment will likely be around $100—though it could be less or more (up to $358.80)—depending on how many people file a claim.

Compensation for Time Spent Addressing Fraud or Identity Theft

If you can adequately document identity fraud or theft connected with the possible misuse of your personal information, you can get reimbursement of up to 15 hours of the time you spent fixing these issues. You'll receive $25 per hour or, if you took unpaid time off work, your documented hourly wage, whichever is greater.

If you can’t provide supporting documentation, you may get up to five hours of compensation for time spent remedying issues related to the breaches. Again, the rate is $25 per hour or your documented hourly wage, if you took unpaid time off work, whichever is greater.

Compensation for Out-of-Pocket Costs

If you spent money to address fraud or identity theft that you believe was caused by the breaches, or to protect yourself from future harm, then you may make a claim for reimbursement of up to $25,000. You can get compensation for, among other things:

  • the costs of credit monitoring or identity protection services you obtained
  • unreimbursed losses, fees, or charges incurred as a result of identity fraud or theft connected with the possible misuse of your name, email address, telephone number, birth date, password, and security questions at Yahoo, or from contents of your email account, such as financial communications and records containing credit cards, retail accounts, banking, account passwords, IRS documents, and Social Security number
  • professional fees (like to a lawyer or accountant) and other costs incurred addressing identity fraud or theft, including falsified tax returns, and
  • costs associated with freezing your credit files.

You must be able to document your claim.

Reimbursement for Yahoo Premium or Small Business Services

If you paid Yahoo for advertisement-free or premium email services between January 1, 2012 and December 31, 2016, you’re eligible for reimbursement of up to 25% of the amounts you paid.

How to Make a Claim Under the Settlement

To get free credit monitoring, cash compensation, or both, you have to fill out a claim form. Go to the settlement website to find the appropriate form. The deadline for submitting a claim is July 20, 2020.

Objecting to the Settlement

The deadline to object to the settlement, including the amount of attorneys' fees, costs, and expenses, is March 6, 2020. The court has scheduled a hearing in this case at 1:30 p.m. on April 2, 2020, in Courtroom 8 of the U.S. Courthouse, 280 South 1st Street, 4th Floor, San Jose, CA 95113, to consider whether to approve the settlement and other matters. If you want, you may ask to appear at the hearing.

When to Talk to a Lawyer

If you’re a victim of identity theft and need assistance fixing your credit report or dealing with fraudulent debts, consider talking to a lawyer. Also, consider talking to a lawyer if you want to exclude yourself from the settlement and sue Yahoo on your own for claims related to the cybersecurity breach. The deadline to opt out is March 6, 2020. Be aware that if you don't opt out or make a claim, you’ll lose both the opportunity to sue, as well as miss out on getting benefits under the settlement.

Effective date: September 3, 2019