Yahoo Settlement Underlines Board Vulnerability

The email breach that exposed the personal information of 1.5 billion Yahoo users did not trigger a big drop in the company’s share price, which led to skepticism on the part of some observers that a securities class action could succeed. That’s why the recent $80 million settlement is considered a milestone in shareholder settlements related to a data breach. It also raises questions about board liability stemming from data breach litigation in the future. Many boards have made little headway with cybersecurity governance, possibly because the inability to effectively measure the overall cost of a breach has left the false impression that they can’t really be harmed. The Yahoo settlement will embolden plaintiff attorneys to take on shareholder derivative cases. “The boards are going to be targets,” says Jeff Dennis, managing partner and cybersecurity practice head at Newmeyer & Dillion. “They need to protect themselves.”