Yahoo! Inc. allowed hackers to access personal and confidential information of its users and failed to warn consumers of a cybersecurity breach, a proposed class-action lawsuit claims.
The suit followed within hours of Yahoo’s disclosure Wednesday that a second major security breach may have affected more than 1 billion user accounts. The company said in a statement then it hasn’t been able to identify the “intrusion’’ associated with the theft, which occurred in August 2013.
Suzanne Philion, Yahoo spokeswoman, declined to comment on the lawsuit.
In September, Yahoo said the personal information of at least 500 million accounts was stolen in 2014, exposing data from a wide swath of its users. Yahoo said the attacker was a “state-sponsored actor’’ and stolen information may have included names, email addresses, phone numbers, dates of birth, encrypted passwords and, in some cases, encrypted-security questions and answers.
“Yahoo failed, and continues to fail, to provide adequate protection of its users’ personal and confidential information,’’ New York consumer Amy Vail said in the complaint. “Yahoo users’ personal and private information has been repeatedly compromised and remains vulnerable.’’
Vail filed the suit as a class action, seeking to represent all U.S. Yahoo users. Multiple lawsuits were filed after the first breach disclosure as well; those suits have been combined before one judge in San Jose, California. An initial case-management conference is scheduled for March 2.
The case is Vail v. Yahoo! Inc., 16-cv-07154, U.S. District Court, Northern District of California (San Francisco).