Skip to main content

Here’s how to claim $100 or more from Yahoo’s massive data breach settlement

Yahoo is about to reach a $117.5 million settlement in a class-action lawsuit over a series of data breaches that affected users between 2012 and 2016 — and you’re likely eligible for your $100 cut or free credit monitoring if you had an account during that time.

Millions of people could qualify for the $100 Yahoo settlement and the company has been emailing potentially affected users about the class action settlement over the past few weeks. Just because you got the email doesn’t mean you’ll get your settlement money or free credit monitoring.

You’ve got until July 20 to figure out what to claim. Here’s what you need to know about the data breaches and how to make a settlement claim.

What happened: Yahoo’s years of data breaches

The class-action settlement comes after several major data breaches or “data security intrusions” — essentially when a hacker got into the system but didn’t take any information — that plagued Yahoo over the course of several years. Yahoo sent out an email about the settlement on Wednesday, detailing all the of the breaches that happened over the years.

In 2012, two different hackers accessed Yahoo’s internal systems, but didn’t take anything. In 2013, “malicious actors” got into the company’s database and took records from all of Yahoo’s accounts — roughly 3 billion in all. The hackers behind that breach could have gotten into users’ email accounts, calendars, and contacts.

Yet another database, this time in 2014, involved Yahoo’s user database. Malicious actors took a ton of data from about 500 million Yahoo accounts, including names, email addresses, telephone numbers, birthdays, passwords, and security questions and answers.

One last data breach took place from 2015 to September 2016, where hackers were able to use cookies to get into about 32 million Yahoo email accounts.

While this is not nearly as big as the $700 million settlement that credit agency Equifax agreed to for its 2017 data breach involving the personal information of about 147 million people, it’s still a substantial sum. Here’s what you need to know about the Yahoo data breach settlement.

What are your claim options for the Yahoo settlement?

Like other data breach settlements, you’re not just entitled to a cash payment. Yahoo is offering two years of free credit-monitoring services to anyone who had a compromised Yahoo account. If money sounds better to you, you can ask for a cash payment of $100 as long as you verify that you’ve already signed up for a credit-monitoring service. There are plenty of free credit-monitoring services online — including Credit Karma — that you can quickly sign up for if you choose this option.

There is, of course, a catch to all of this. The settlement is a set amount of $117.5 million, meaning there’s only so much cash to go around. If too many people sign up for the cash option, you’ll have to split the pool. That means you might sign up for a $100 settlement and end up actually receiving substantially less. The same thing happened with the Equifax settlement — leading the Federal Trade Commission (FTC) to recommend people not choose the cash option because it would likely be tiny.

Yahoo even warns users of that possibility on the claim website: “Payment for such a claim may be less than $100 or more (up to $358.80) depending on how many Settlement Class Members participate in the settlement,” the company wrote.

There are a few more options if the data breaches hit you more than most: If you had to spend time or money dealing with identity theft or other problems you believe stemmed from the hacks, you can file a claim for up to $25,000 in out-of-pocket losses. There’s also additional settlement cash for small businesses and anyone who paid for premium Yahoo mail, so if you fall into either category, you could be eligible for additional compensation based on what you paid for services needed to deal with the breach.

How to claim your Yahoo data breach settlement

Anyone who had a Yahoo account between January 1, 2012, and December 31, 2016, and is a resident of the United States or Israel is eligible for the settlement. To file your claim, simply visit the claim website, YahooDataBreachSettlement.com and fill out the claim form that’s relevant to you. For most people, that’s the basic account holder claim form.

If you only want the $100 claim or credit-monitoring services, you’ll just need your Yahoo username. If you want to make a bigger claim for lost time or out-of-pocket expenses due to the breach, you’ll need to upload supporting documentation, like receipts, account statements with unauthorized charges, or letters from the IRS.

If you plan to object or comment on the settlement, you’ll need to do so by March 6, 2020. The deadline to make a claim is July 20, 2020.

Editors' Recommendations

Mathew Katz
Former Digital Trends Contributor
Mathew is a news editor at Digital Trends, specializing in covering all kinds of tech news — from video games to policy. He…
Marriott data breach: What to know and how to protect your data
Marriott Hotel

Marriott says customers' names, addresses, phone numbers, and other personal details were accessed in a large data breach -- the second to hit the hotel chain in less than two years.

In a statement Tuesday, Marriott announced that the information was accessed using the login credentials of two employees at a franchise property at the end of February. Among the stolen data could be:

Read more
Wawa data breach: Hacker is selling 30 million credit cards on the dark web
wallet with cash and cards

Credit card data from a security breach that affected an East Coast convenience store chain last year was discovered being sold in the corners of the dark web this week. The amount of data stolen makes it the third-largest credit card breach in history.

Wawa convenience stores announced the attempts to sell the data in a news release on January 28. According to the Gemini Advisory Board, a company that identifies cyberthreats, the credit card information was found on the website called Joker’s Stash marketplace and exposed customer data from 30 million cards. 

Read more
OnePlus customer data stolen in second data breach in two years
oneplus 7t macro lens iphone 11 lacks cameras

Phone company OnePlus has suffered another data breach, with an undisclosed number of customer names, contact numbers, email addresses, and shipping addresses stolen by an unnamed hacker or group.

This comes less than two years after up to 40,000 customers' private information was stolen from OnePlus, leading to credit card fraud using customers' details. In this case, the breach only came to light when the issue of credit card fraud was raised by a user on the OnePlus forums. An investigation subsequently discovered a malicious script had been gobbling up customer credit card details when they were entered into the OnePlus website.

Read more