This week, Yahoo! Inc. announced its discovery of an August, 2013 data breach of over one billion user account records. The announcement came less than three months after the company disclosed a 2014 breach of more than 500 million records, although Yahoo! believes the two incidents are “likely distinct” from each other.
The 2013 incident involved access by “an unauthorized third party” to user names, email addresses, telephone numbers, dates of birth, some hashed passwords and security questions and answers. Yahoo! stated that its investigation indicated that no clear text passwords, bank account information or payment card data were affected.
Yahoo! is already defending multiple class action lawsuits involving the 2014 breach. The 2013 incident is expected to spawn additional lawsuits and possible regulatory investigations at the state and federal levels. Questions that Yahoo! will likely face include why it took the company over three years to discover the incident and whether the 2013 and 2014 breaches are, in fact, distinct and not related events.
© 2016 Ossian Law P.C.