You Can Claim $100 from Yahoo’s Data Breach Settlement - Here’s How

Did you receive an email with the subject line: Yahoo Security Breach Proposed Settlement that looks like this?

If you did, chances are you were affected by at least one of Yahoo’s disastrous data breaches that went down between 2013 and 2016.

If you’ve spent any time reading ClassAction.org, you know it can take a heck of a long time for a class action lawsuit to come to a resolution. Well, folks, we’re pleased to report that the wait is over. Here’s what you need to know about the $117.5 million Yahoo data breach settlement—and how to file a claim if your personal information was compromised.

How do I know if I’m included in the settlement?

Did you receive the email mentioned above? (Be sure to check your spam folder to make sure the message didn’t end up in there by mistake.)

Did you have a Yahoo account—including an account with a Yahoo subsidiary such as Tumblr, Yahoo Fantasy Sports and Flickr—at any time between January 1, 2012 and December 31, 2016 (the “class period”) as a resident of the United States or Israel?

If you answered yes to either of those questions, you are a class member who’s included in the settlement and will be able to file a claim.

I’m generally skeptical when it comes to these things. Is the email I received real, or is someone trying to scam me?

A perfectly valid question. (I mean, we are talking about data breaches here.) Sometimes class action settlement emails can look a little fishy, and settlement websites can look even sketchier.

If the email you received was sent by info@service.comms.yahoo.net, rest assured that it’s real and not a scam.

Is there an official settlement website?

Yup! https://yahoodatabreachsettlement.com/

What can I get if I file a claim?

Consumers who file a claim for their piece of the $117.5 million settlement fund can request a minimum of two years of credit monitoring or a cash payment. Also available through the settlement is compensation for out-of-pocket expenses related to Yahoo’s data breaches. Those who paid for Yahoo’s premium or small business services during the class period can also file a claim to recover part of their subscription cost.

As part of the settlement, Yahoo has committed to fortifying its data security practices. This means the company has assured that it has enhanced and will continue to enhance its information security practices to protect against another cyberattack.

The full breakdown of what class members may be entitled to is as follows:

Two years of credit monitoring services provided by AllClear ID

This option is encouraged by the settlement administrator. If you already have credit monitoring in place, you can still sign up for this additional protection or seek a cash payment.

Cash payment in lieu of credit monitoring services

Keep in mind that those who opt for a cash payment will be asked to verify that they have a credit monitoring service in place and keep such in place for at least one year. Class members who file a claim for a cash payment may be able to receive up to $100. If too many class members opt for the cash payment, however, or if there’s money left over in the fund after the end of the claims period, this amount could vary (more on this below).

Fraud resolution services

Making oneself whole again after experiencing identity theft can be expensive and time-consuming. Class members who opt for fraud resolution services through AllClear ID will receive help with, for example, placing fraud alerts with credit bureaus, disputing inaccurate credit report information, and scheduling calls with creditors, among other services.

Cash reimbursement for out-of-pocket losses

This option aims to recoup class members for time and money spent addressing fraud or identity theft. Out-of-pocket cost claims cannot exceed $25,000. Click here for a more thorough breakdown.

Cash reimbursement for up to 25 percent of paid users’ costs

“Paid users” are those who, well, paid for advertisement-free or premium Yahoo email services during the class period.   

Cash reimbursement for up to 25 percent of small business users’ costs

Small business users are those who paid Yahoo or Aabaco for small business email services during the class period.

For the first two options detailed above, class members can elect to claim either credit monitoring services OR alternative cash compensation. You cannot claim both.

It’s important to make clear off the bat that the $117.5 million settlement fund will also be used to cover attorneys’ fees, costs, expenses and incentive awards of $7,500 for each of the 16 named plaintiffs representing the class.

Keep in mind, every claim may be subject to verification by the settlement administrator. Don’t be surprised if, as with the Equifax settlement, an email arrives in your inbox down the road asking for proof of damages.

How do I file a claim for the Yahoo data breach settlement?

Head to this page and follow the prompts.

Individual accountholders should click on the first “claim form” link. Paid users, small business users and Israeli Yahoo users should follow the succeeding links. You can submit claims for multiple groups in the event you fall into more than one of these categories.

When do I need to file a claim by?

All claims must be filed by July 20, 2020.      

What happens if I do nothing?                           

This is the type of settlement that requires you to fill out a claim form. If you do nothing, you will not be eligible to receive credit monitoring or compensation from the settlement.

Importantly, if you do nothing, you forego your right to sue the defendants over the claims presented in the initial class action lawsuit.

What if I don’t like the settlement and want to be left out?

If you’d like to exclude yourself from the settlement, which is different from objecting to the settlement, and retain your right to sue Yahoo! Inc. and Aabaco Small Business, LLC, you must send a letter by mail stating your wish to be left out. Your exclusion letter must include:

The deadline by which to exclude yourself from the settlement is March 6, 2020. Exclusion letters should be sent to:

You cannot exclude yourself from the settlement by phone or email. If you exclude yourself from the settlement, you will receive none of its relief.

Can I object to the settlement?

It is possible for class members to remain eligible for the settlement and voice their objection to its relief, the amount of attorneys’ fees, costs and expenses, and/or the monetary awards set aside for the named plaintiffs. An objection is a request for the court to deny approval of the settlement. Objecting to the settlement and excluding yourself from the settlement are not the same thing.

To object or comment on the settlement, you must send a written letter that contains:

The deadline by which to file an objection is March 6, 2020. Objections can be filed at any location of the United States District Court for the Northern District of California on or before the deadline or be mailed to the settlement administrator, postmarked no later than March 6, 2020, at:

When will I get my settlement benefits?

All benefits will be distributed once the settlement is given final approval. The settlement website asks for patience from class members, as this process can take a year or longer.

A hearing is scheduled at the U.S. Courthouse in San Jose, California at 1:30 p.m. on April 2, 2020 for final approval of the settlement, as well as for the hearing of objections.

How did we get here?

A unique element of this particular data breach settlement is that it, well, covers more than one data breach. Let’s break it down by year:

What followed was a firehose of litigation against Yahoo! Inc. and Aabaco Small Business, LLC, a subsidiary of Oath Holdings Inc. and Yahoo’s small business services provider. Class action lawsuits were filed in federal and California state court by consumers who alleged the companies failed to adequately safeguard users’ personal information. The federal cases were thrown into multidistrict litigation on September 22, 2016. The settlement resolves both sets of cases, federal and state.

After two initial versions of the settlement failed to pass muster with U.S. District Court Judge Lucy Koh for being too vague and nondescript about the nature of the 2012 breach, a third attempt was given the green light in July 2019. And here we are.

If a ton of people claim the cash option, will that mean less money for each class member?

The fiasco with regard to how much cash class members will receive from the Equifax settlement is still fresh on consumers’ minds. As with that settlement, the money set aside from the Yahoo data breach deal is in a general fund from which the cost of all claims, as well as administrative costs and those outlined above, will be paid.

If too many class members file a claim for cash payment, the amount individual class members receive could be less than $100. On the other side of that coin, class members may be able to recover up to $385.80 if there is money left over in the settlement fund at the end of the claims period and after all attorney and administrative costs are paid.

To be clear: No one knows in advance how much money class members who opt for the cash option will receive.

How do I contact the settlement administrator directly?

The settlement administrator is:

Class members looking for more information or who have questions on the settlement can also email Info@YahooDataBreachSettlement.com or call 844-702-2788.

Don’t see the answer to your question on this page? Let us know down in the comments, or visit the official settlement website’s frequently asked questions page here.