Attorneys for Yahoo submitted a proposal to the US District Court for the Northern District of California on Monday to settle a class action data breach lawsuit.
This proposal is Yahoo’s second attempt to settle a series of data breaches that occurred between 2013 and 2016. US District Judge Lucy Koh rejected a previous version due to a lack of safeguards to prevent future data breaches and because of ambiguity regarding victim compensation.
The new settlement describes an investment budget to improve security capabilities and staffing. It also offers a non-reversionary Settlement Fund of $117.5 million, with allotments to cover victim “out-of-pocket expenses related to identi[t]y theft, lost time, paid user costs, and small business user costs;” an allocation of $24 million to cover two years of credit monitoring; and a cap on attorneys’ fees at $30 million.
This new offer exceeds the original $50 million Settlement Fund proposal, but it still falls below the mean of a settlement range ($69.6–175 million) identified in the first proposal. The settlement states that this amended version is reasonable and on par with analogous offers from similar data breaches.
Koh will again be reviewing the motion.