This week’s disclosure that a 2013 data breach may have affected all 3 billion Yahoo accounts then in existence could alter the scope of the consolidated data breach cases currently pending against Yahoo in the federal court in San Francisco. In the wake of the court’s August 30 order denying Yahoo’s motion to dismiss the case, the parties have been in the process of negotiating a schedule for discovery and motion practice. The parties had been due to make their joint scheduling submission to the Court today. However, just last night, Judge Lucy Koh issued an order postponing the submission deadline in order to allow the parties to address the impact of Yahoo’s recent disclosure. The court ordered Yahoo to “disclose to Plaintiffs available information regarding the recent data breach disclosure by October 6, 2017, so that the Joint Case Management Statement can propose a realistic amended case schedule.” The court also directed that Yahoo “expedite its production of discovery regarding the recent data breach disclosure and include a proposal to do so” in the parties’ joint scheduling submission, which is now due to be submitted on October 11, 2017.
The parties’ scheduling submission will reveal their respective positions on the potential significance of this recent disclosure. It is possible that one or both parties could conclude that the newly-disclosed information only affects the size of the class, but otherwise does not alter the nature and scope of the underlying litigation concerning how the breach occurred and whether it resulted from any failure by Yahoo to comply with applicable legal duties. Or, depending on what is initially disclosed, plaintiffs could argue that a whole new set of allegations and claims are appropriate.
But what does seem indisputable is that the size of the putative class has expanded substantially, trebling the estimated size of the class alleged in plaintiffs’ most recent complaint. While it is almost certain that the 3 billion affected Yahoo accounts are not associated with 3 billion unique individuals, the disclosure signals a class that will certainly number in the hundreds of millions, and possibly in excess of a billion individuals, making it possibly the largest plaintiff class ever.
The massive putative class creates significant risks for Yahoo. Were a class that large to be certified, even a tiny probability of loss would weigh heavily in favor of settlement. If the parties do not explore early case settlement, litigation of class certification in this case will be a high stakes and all but dispositive event in the life of this case.
The post 3 Billion Compromised Yahoo Accounts May Yield Largest Plaintiff Class Ever appeared first on Privacy & Security Matters.