Yahoo was charged as it was not able to avert the security breaches, but also being too slow in disclosing them. The breaches that happened over a period of three years and compromised the personal data of 3 billion users were revealed in a soft manner and only after a deal with Verizon had been reached.
The breaches affected the Yahoo-Verizon deal with the telecom giant slashing its purchase price to around $4.5 billion.
The allegations state that Yahoo was aware of the glitches in its security system but it did not take necessary measures to fix the same. Apart from the failure to fix the flaws, the delay in disclosing the hacks prolonged the users’ exposure to identity theft forcing them to spend money on protective measures such as credit freeze.
The judge said the affected people would have acted differently had they been aware of the vulnerabilities in Yahoo’s security system. She also added that the complainants would have to justify that they suffered losses due to the hacks.
Although the scope of the lawsuit has been reduced, Yahoo will still have to defend itself or pay a settlement to resolve the case.
In this day and age where cybersecurity is becoming increasingly important, it seems fair that companies be held liable for any failure on their part to ensure utmost importance is given to the same.