I don’t think investors’ lawsuits related to data breaches have been a particularly winning strategy to date, but if any investors’ suit has a chance, this one might – or at least, should have a chance. Maria Dinzeo reports that those who invested in Yahoo! are suing the company:
A proposed class of hundreds of thousands of Yahoo shareholders led by investor Mark Madrack says Yahoo’s quarterly financial statements filed with the Securities and Exchange Commission made false and misleading claims about the effectiveness of its encryption system and caused them to buy Yahoo shares at artificially inflated prices.
The lawsuit, which also names Yahoo CEO Marissa Mayer and CFO Kenneth Goldman as defendants, seeks an unspecified amount in damages on behalf of all investors who purchased shares between Nov. 13, 2013, and Dec. 14, 2016.
Read more on Courthouse News.
I think their strongest argument might ultimately be the delays in discovering and disclosing the massive breaches to investors – apart from what seems to be less than appropriate security like encryption. I’m not a Yahoo! investor, but if I had invested, I think I’d be arguing that I never would have purchased the stock at the price I purchased it at if I known that the company had not timely disclosed a major breach that it had become aware of, had not properly addressed it by forcing a password reset, had not then timely discovered an even larger breach that had occurred earlier because it dismissed reports by a security firm and only paid attention when the government came to them with the same information, etc. All of those factors, I think, would be material to any decision to invest. But then, IANAL, of course.