Yahoo is making a second attempt to settle the massive data breach lawsuit against the company by offering to pay $117.5 million. The sum represents a 235% increase and comes after Yahoo’s first settlement proposal was rejected by a U.S. District Court. Back then the company was prepared to pay $50 million and offer two years of free credit monitoring for 200 million people in the U.S and Israel but the court identified six major problems with the deal. Judge Lucy Koh wrote for the U.S. District Court for the Northern District of California that "any of these bases would be sufficient to deny the motion for preliminary approval."
In the span of just four years, Yahoo was a subject of three massive data breach incidents. In 2013 all of the 3 billion Yahoo user accounts that existed at the time were compromised in what remains one of history’s biggest data thefts. The attackers had access to names, telephone numbers, email addresses, hashed passwords, dates of birth, some security questions and answers. In 2014 another data breach affected 500 million accounts while in 2016 attackers had managed to steal a proprietary process used by Yahoo for the creation of authentication cookies. This allowed the attackers to forge cookies and enter internal accounts without authentication.
So far Yahoo has managed to settle three different lawsuits in connection with the data breaches. In April 2018, the company paid $35 million to settle the Securities and Exchange Commission claims that it had misled investors followed by an $80 million settlement with investors in September 2018. Then in January 2019, a California state court granted final approval for a $29 million shareholder derivative settlement.
Yahoo's core internet business was bought by Verizon ( VZ:NYSE) in 2017 for $4.48 billion while the rest of the company's operations and stakes were transferred to a successor company named Altaba.