PROVIDENCE, R.I (Legal Newsline) — Yahoo’s data breaches are a wake-up call to users that online information needs to be protected, a data privacy lawyer says.
“Very sophisticated companies are becoming victims to very sophisticated cyber intrusions,” said Linn Freedman, chair of the data privacy and security team for Robinson & Cole in Providence.
“People need to understand that when they are using free email services that their information is accessible not only to the company, but they are putting themselves at risk whenever they are putting their personal information online.”
Earlier this year, Yahoo announced that 500 million user accounts were hacked in 2014 and 1 billion accounts were compromised in 2013.
Yahoo has not yet identified who was behind the most recently reported incident but has said a state-sponsored hacker was behind the 2014 attack.
Yahoo’s breach is the largest one to date and likely to cost the company, Freedman said. Even if it successfully fends off litigation, it could take millions in attorneys fees to do so.
“If you take the 1 billion plus the 500,000 back in September, the 1.5 billion has been reported to be the biggest data breach in history," Freedman said. “They’ve already been sued in class action litigation for the one in September and there is no question there will be additional class actions cases that will be brought as a result of this one. So that is very costly.”
She said the most likely course of action for Yahoo will be to file a motion to dismiss the legal claims against them.
“The argument would be that the types of date elements that were compromised in this case will not lead to identity theft or fraud or actual harm by the Yahoo users,” she said. “Filing a motion to dismiss will say that the plaintiffs do not have standing because they haven’t actually suffered harm. The fear of a future harm is not sufficient for a cause of action. That is what we usually see in these cases.”
Freedman also noted that among those accounts compromised were reportedly 150,000 government accounts - “Which would include, potentially our spies and our national security advisers, congressional aids, congressmen. That is pretty significant [and very concerning]."
One of the other major concerns with the breach, Freedman said, was that security questions for accounts were compromised.
"I think that is significant here because security questions are supposed to be questions that people don’t know the answer to and can’t just get on the web and now all of the security questions and answers of a billion people are out there on the dark web," she said.
Cyber-security officials found data being sold on the dark web for $300,000 for each piece of information before the breach was made public, CNN reported. Freedman recommends anyone with a Yahoo account should change their passwords and their security questions.
"The type of information here, when aggregated with other information that is out there on the dark web, has the potential to provide a lot more information about individuals," she said. "People really need to take measures to protect themselves here.”
Freedman’s tips for online users include:
-Limit the amount of information you are putting online;
-Using different passwords and different phrases across platforms;
-Being careful about the apps you use; and
-Reading the terms of use.