SAN FRANCISCO (CN) – Yahoo’s lax security protocols led to a breach that exposed a billion of its users’ personal information to theft and cost shareholders millions, the investors claim in a federal class action.
Yahoo announced the 2014 breach on Sept. 22, 2016, saying hackers had stolen information from more than 500 million users. The next day, Yahoo’s stock price fell by $1.36.
A few months later, Yahoo revealed that another data breach had happened in August 2013 and that a billion users’ accounts had been compromised. While Yahoo didn’t ask users to reset their passwords in September, it required users to do so in December – which may have caused the number of Yahoo users to drop.
The announcement also jeopardized a planned sale of Yahoo to Verizon for $4.8 billion, and its stock price fell even further. It closed at $38.41 per share on Dec. 15, 2016, a drop of $4.39 from its closing price of $42.80 in September.
A proposed class of hundreds of thousands of Yahoo shareholders led by investor Mark Madrack says Yahoo’s quarterly financial statements filed with the Securities and Exchange Commission made false and misleading claims about the effectiveness of its encryption system and caused them to buy Yahoo shares at artificially inflated prices.
The lawsuit, which also names Yahoo CEO Marissa Mayer and CFO Kenneth Goldman as defendants, seeks an unspecified amount in damages on behalf of all investors who purchased shares between Nov. 13, 2013, and Dec. 14, 2016.
A Yahoo spokesman declined to comment, saying in an email, “We don’t comment on litigation.”
The class is represented by Jennifer Pafiti with Pomerantz LLP. She did not respond to an email request for comment.