The Yahoo! class action over the 2013-2014 hacks, affecting 1 billion (later updated to 3 billion) accounts, is poised to settle for $85 million – and the provision of free credit monitoring services for 200 million account holders for 2 years.
While $85 million may seem like a relative bargain compared to the $350 million Verizon knocked of the sale price during the purchase of Yahoo!, the real cost is likely in the credit monitoring service. As this article notes, the current market rate for a credit monitoring subscription is about $14.95/month, or $359 per person for 2 years. Multiply $359 by 200 million people, and at full retail price they’d be looking at a $71.8 billion price tag! Of course Yahoo! won’t pay anywhere near that rate. Plus, many of the ~200 million people that held those 1 billion accounts may already have credit monitoring, and may not elect to opt in.
The settlement didn’t disclose how much Yahoo! would be paying for the credit monitoring service. Nevertheless, as an exercise let’s say Yahoo! gets a 95% discount on the rates (down to about $17.95 per person for 2 years) and only 25% of the 200 million people opt in. That would still be an $897.5 million expense over 2 years. Considering they’re willing to settle, and experts were estimating the average value of each account at $1 and $8 each – for 1 billion accounts – the total cost of this should be somewhere south of $1 billion. However much it ends up being, this is yet another illustration of the significant impact data breaches can have on expenses and value.
A link to the filed settlement agreement can be found here.