A user yesterday sued Yahoo Inc over gross negligence involving a 2014 hack in which information was stolen from at least 500 million accounts.
The lawsuit was filed in the federal court in San Jose, California, a day after Yahoo disclosed the hacking, which was unprecedented in size, by what it believed was a "state-sponsored actor."
New York resident Ronald Schwartz sued on behalf of all Yahoo users in the US whose personal information was compromised. The lawsuit has sought class-action status and damages that had not been specified.
According to a Yahoo spokeswoman, the Sunnyvale, California-based company did not discuss pending litigation.
According to commentators, the attack hurt chief executive Marissa Mayer's effort to reverse the declining fortunes of the company two months after she agreed to a $4.8-billion sale of Yahoo's Internet business to Verizon Communications Inc.
According to Yahoo's statement on Thursday, user information including names, email addresses, phone numbers, birth dates and encrypted passwords had been compromised in the breach.
However, the lawsuit suggested that the breach might have been averted had Yahoo, having been targeted by hackers before, lived up to its promise of taking user privacy "seriously" and strengthened security.
Rajpreet Kaur, senior research analyst at Gartner, said the main challenge organisations faced these days was the increasing gap between "time to compromise vs time to discover". Kaur added that organisations needed to invest more in breach detection and response.
"As per Gartner's Strategic Planning Assumption, by 2020, 60 per cent of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 20 per cent in 2015. The disparity between the speed of compromise and the speed of detection is one of the starkest failures discovered in breach investigations," Kaur explained.