Craig A. Newman of Patterson Belknap writes:
Yesterday, a Superior Court judge in Santa Clara, California approved what is believed to be the first monetary award to a company in a data breach-related derivative lawsuit. Until now, such breach-related derivative cases have settled through a combination of governance changes and modest awards of attorney’s fees.
But the former officers and directors of Yahoo! Inc. agreed to pay $29 million to settle charges that they breached their fiduciary duties in the handling of customer data during a series of cyberattacks from 2013 until 2016. Three billion Yahoo user accounts were compromised in the attacks, making it one of the largest reported hacks in U.S. history. The settlement puts an end to three derivative lawsuits filed in Delaware and California against the company’s former leadership team and board including ex-CEO Marissa Mayer.
Read more on Data Security Law Blog.