Karen Gullo reports:
Yahoo! Inc. (YHOO), the operator of the biggest U.S. Web portal, was sued for negligence over its disclosure that as many as 450,000 user names and passwords were stolen from one of its sites.
A Yahoo user who said his login credentials were posted online after a hacker infiltrated a company database on July 11 filed a complaint July 31 in federal court in San Jose, California.
Jeff Allan of New Hampshire said in his complaint that Yahoo failed to adequately safeguard his personal information and seeks an order requiring the company to compensate him and other users for account fraud and for measures they have had to take to protect accounts put at risk by the Yahoo breach.
Read more on Bloomberg.
That at least someone would sue was a foregone conclusion, although I wonder why people keep suing when the courts have been unusually consistent in dismissing suits like this.
In this case, it sounds like the plaintiff can show some harm if his login credentials enabled access to his eBay account. But then, what was the user’s responsibility NOT to re-use credentials across sites? Was the fraud he experienced due to Yahoo’s failure or his own failure to create unique logins for different sites?
If Yahoo! failed to live up to its promises of data security, the FTC can investigate and take action. But I just don’t see where these lawsuits are really providing any significant benefit to consumers. We need to either change the laws to require breached entities to offer meaningful assistance to breach victims or impose statutory damages that would cover routine cases where people may have to pay for credit monitoring and/or restoration. Would it cost businesses? Yes. But so does litigation that seems to only really benefit plaintiffs’ lawyers.