Yahoo sign
Yahoo faces a class action lawsuit over the massive data breach it suffered in 2013. Yahoo

A class action lawsuit filed against Yahoo over data breaches the company suffered in 2013 and 2014 was allowed to move forward after a United States District Court judge rejected a motion from the beleaguered tech giant asking for the case to be thrown out.

The decision to reject the motion to dismiss from Yahoo, allowing users who had personally identifiable information stolen as a result of the data breaches to seek compensation for damages.

Yahoo argued the 2014 data breach that led to the compromise of more than 500 million Yahoo accounts occurred not because the company’s security protocols weren’t sound but because the attackers were skilled enough to bypass the defenses put up by the company.

Yahoo also made the case the plaintiffs in the class action lawsuit didn’t have standing to suggest they have suffered damages that were “traceable” to the breaches—a hurdle that has stopped a number of class action lawsuits in the past.

STRUCTURE SECURITY -- USE THIS ONE
Newsweek is hosting a Structure Security Event in San Francisco, Sept. 26-27. Newsweek Media Group

Northern District of California Judge Lucy Koh was unmoved by Yahoo’s argument, noting in her ruling that there have already been a number of cases in which data stolen from Yahoo resulted in harm for consumers.

Among the number of examples Judge Koh cited were a case in which a couple’s credit card information was stolen and used to make fraudulent purchases, a woman who reported a compromised email account led to the theft of her Social Security benefits and a man who was unable to file his taxes because someone had already filed under his Social Security number.

Judge Koh also noted while it may have just been email systems that were breached, Yahoo users trusted those systems with much of their personal information as they completed personal and business tasks and transactions through their accounts. That information became vulnerable after the breaches.

“Users used their Yahoo for a variety of personal and financial transactions, and thus that Yahoo email accounts contained records involving credit cards, retail accounts, banking, account passwords, IRS documents and social security numbers from transactions conducted by email, in addition to other confidential and sensitive information,” Koh wrote in the ruling.

The class action suit against Yahoo will move forward, though it’s not clear what to expect of the case. Earlier this year, health insurance provider Anthem agreed to a record settlement of more than $115 million after suffering a breach that exposed the medical records of 80 million. While that case led to the largest data breach settlement in U.S. history, it also netted just only $1.46 per victim if the amount was split equally.

It shouldn’t come as much of a surprise Yahoo is facing increased scrutiny. When Verizon acquired the company for $4.8 billion earlier this year, the telecommunications company got a discount of about $350 million after revelations about the data breaches came to light.

Verizon also accepted to share legal and regulatory liabilities related to the breaches. It now seems possible a settlement against the company could cost more than the discounted price—though it’s possible Yahoo settles for less than that amount despite the size of the breaches.