Yahoo! 2016 Data Breach Settlement Rejected by Judge Drew Wilson | February 4, 2019 The saga over one of Yahoo!’s data breaches continues. A settlement has been proposed, but a judge is now rejecting that proposal. It’s been a long road for Yahoo! and their data breaches. Unfortunately for the company, the road is not yet over for at least one of them. According to reports, the breach at the time saw hundreds of millions of accounts compromised. To paint a very dark picture, a perfectly valid question is, “which Yahoo! breach was that?” After all, Wikipedia has an entirely separate page devoted to just breaches at Yahoo!. In this case, it is apparently the 2016 breach which saw roughly 200 million accounts compromised. Litigation was sparked over that breach and a proposed settlement of $50 million was made. Now, it seems that the judge isn’t satisfied with this idea. Apparently, part of the decision came from actions made by Yahoo! in the aftermath of the breach. From Ars Technica: A federal judge in San Jose, California, has rejected a proposed settlement that would put an end to the years-long lawsuit over the company’s 2016 disclosure that it had been hit by nation-state hackers that exposed hundreds of millions of accounts. US District Judge Lucy Koh, who has presided over many tech-related cases, including the Apple v. Samsung trial, lambasted Yahoo for its lack of transparency over how it has handled the aftermath of the breach. “Yahoo has not committed to any specific increases in budget for data security and has made only vague commitments as to specific business practices to improve data security,” she wrote. “Yahoo’s history of nondisclosure and lack of transparency related to the data breaches are egregious. Unfortunately, the settlement agreement, proposed notice, motion for preliminary approval, and public and sealed supplemental filings continue this pattern of lack of transparency.” The proposed settlement would have paid out $50 million to the affected users, plus two years of free credit monitoring for approximately 200 million people in the United States and Israel. So, it looks like the 2016 breach is going to continue on. At this point, we are on year three of this saga and there is still no end in sight for all the ensuing aftermath. Drew Wilson on Twitter: @icecube85 and Google+.