Is Your Class Action Settlement Reasonable? A Look Inside the Court’s Approval of the Yahoo! Data Breach Settlement May Shed Some Light

Proskauer - Minding Your Business
Contact

Proskauer - Minding Your Business

A federal court recently issued a decision approving a class action settlement resolving litigation stemming from five Yahoo! data breaches that occurred from 2012 to 2016 and affected at least 194 million Yahoo! customers. The company agreed to establish a $117.5 million settlement fund and institute numerous business practice changes designed to prevent future data breaches. Of particular interest in the approval order, however, was the Court’s comparison of the instant settlement to a prior in-district data breach settlement. A review of the approval order provides insight into the factors judges analyze to ensure settlements are reasonable, proper, and in the best interests of the class.

Factors Considered in Evaluating the Settlement

In evaluating a proposed class action settlement pursuant to Federal Rule of Civil Procedure 23(e), a district court must determine if a settlement “is fundamentally fair, adequate and reasonable.”  In doing so, courts may consider, among other factors, the strength of plaintiffs’ case, the risks, expenses, complexity, and duration of further litigation, and the total settlement amount.  In Yahoo!, the Court found that all of these factors supported the approval of the settlement.  Specifically, with respect to the risk, expense, and complexity, the Court noted that the parties reached a settlement prior to the Court’s ruling on hot-button issues, namely class certification and the filing of any Daubert motions.  Thus, the Court was convinced that settlement avoided significant further litigation and provided the class “with timely and certain recovery.”

Comparison of Settlement Amount to Other Data Breach Settlements

In addition, the Court undertook a careful review of the overall settlement amount as compared to the prior in-district settlement associated with Anthem Inc.’s 2015 medical information data breach. See In re Anthem, Inc. Data Breach Litigation.

Comparing Yahoo!’s $117.5 million settlement fund for a class of approximately 196 million to Anthem’s $115 million settlement fund for a class of approximately 79 million, the Court noted that Yahoo!’s per-capita settlement recovery was $0.60 — much smaller than Anthem’s $1.46. In addition, the Court found that “there [were] numerous factors in the instant case that create[d] the expectation of a larger recovery for the Settlement Class than in other data breach cases.” Specifically, Judge Lucy H. Koh focused on the fact that Yahoo! had multiple data breaches over a five year period and, in each instance, denied knowledge of any breach in its filings with the Securities and Exchange Commission and delayed notifying its users even when it “had contemporaneous knowledge of the breaches.” The Court determined that these circumstances “weigh[ed] in favor of a larger settlement” than Anthem, but acknowledged that the personal information at issue may not have been as sensitive as the information stolen in Anthem.

The Court also explained that the Yahoo! settlement “compares favorably [to Anthem] in some respects but unfavorably in others.” For example, Yahoo! provided two years of credit monitoring while Anthem provided six years, but Yahoo! capped out-of-pocket expenses at $25,000 while Anthem’s settlement class members were capped at only $10,000.  Nevertheless, the Court found Yahoo!’s settlement largely followed the Anthem settlement and concluded that the settlement “is a significant sum” and provided “adequate recovery to the settlement class.” Further, the Court was satisfied with the non-monetary business practice changes Yahoo! agreed to implement to prevent future data breaches. These included allocating at least $66 million a year to its information security budget, the employment of 200 full-time security employees, and a commitment to undergo annual third-party security assessments.

Conclusion

Yahoo! makes clear that judicial review of the adequacy and reasonableness of large class action settlements does not take place in a vacuum. To the contrary, the case serves as a reminder that courts rely on prior in-district settlements as points of reference for evaluation of reasonableness, and that ultimately, judges are inclined to approve a settlement if they find that class members will receive an adequate recovery.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Proskauer - Minding Your Business | Attorney Advertising

Written by:

Proskauer - Minding Your Business
Contact
more
less

Proskauer - Minding Your Business on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.