Column: Yahoo offers data breach victims up to $358 each in settlement. But don’t bank on it

Yahoo headquarters
Yahoo has set aside more than $117 million to settle claims over data breach. But, needless to say, there’s a catch. A few of them, actually.
(Associated Press)

You have every right to be skeptical as another big company — this time it’s Yahoo — says you can claim some cash to make amends for a massive data breach.

Credit agency Equifax was accused of a bait and switch after it offered $125 or free credit monitoring to all those affected by its own sloppy data practices, which resulted in hackers gaining access to the personal information of about 147 million people.

Turned out Equifax allotted only $31 million for claims, which meant that if all 147 million people opted for a payout, they’d get less than 25 cents apiece. The Federal Trade Commission advised people to take the free credit monitoring instead.


So now Yahoo is trying to make amends for its own data-security issues, which affected 3 billion account holders.

The company has set aside more than $117 million to settle claims.

But, needless to say, there’s a catch. A few of them, actually.

To submit a claim for a payout, you have to verify that you already have a credit-monitoring service. If you don’t, you’re not eligible for money and can only seek free credit monitoring.

If you can verify an existing service, and you can verify that you’ll be keeping it for at least a year, you still might not get the up to $358.80 Yahoo is offering under the settlement, which still has to be approved by a California court.

If lots of people go after the cash — and remember, we’re talking 3 billion potential claimants — you’ll almost certainly get less. Probably a lot less.


Yahoo revealed several years ago that it had experienced two huge data breaches, one in 2013 and another a year later. Credit card information wasn’t believed to have been snagged by hackers, but emails and passwords were.

You qualify for the settlement if you had a Yahoo account between Jan. 1, 2012, and Dec. 31, 2016.

That entitles you to submit a cash claim or to receive two years of free credit monitoring.

If you can prove that the data breach caused you financial losses or significant loss of time in dealing with privacy problems, you might qualify for up to $25,000.

But good luck with that. In such cases, you’d need to provide police reports and other evidence of criminal activity.

“If the Settlement Fund is sufficient to cover all valid claims, all such claims will be paid in full,” the settlement website says.

“If the Settlement Fund is not sufficient to cover all valid claims, then the amount of each claim will be reduced proportionally (by a percentage) until the Settlement Fund is exhausted.”

All claims must be submitted by July 20, 2020.

There’s no harm in asking for cash. In fact, that’s the best way to send a message to negligent companies that we take protection of our personal information seriously.

But don’t count on a windfall.

In the end, you’ll probably get more value from the free credit monitoring. It’s not a defense against hackers, but it will let you know if there’s trouble, such as a credit card purchase you don’t recognize.

While you’re at it, consider placing a credit freeze on your files, which will block bad guys from accessing your records and opening accounts in your name.

To submit a claim, go to