Yahoo agrees to pay $50 million to data breach victims

Billions of accounts were compromised in 2013 and 2014.

Yahoo will have to cough up $50 million in damages as part of a settlement following massive data breaches that took place in 2013 and 2014. The first breach affected three billion accounts, while the second affected 500 million accounts -- neither were disclosed until 2016. Hacked information included passwords that were encrypted but could be cracked.

The $50 million fund will compensate affected account holders $25 for every hour spent dealing with the fallout from the breach. Those with documented losses can claim up to $375, while those without records of their losses can ask for up to $125. Account holders that paid for a premium email account will also be eligible for a 25 percent refund. The company will also have to pay for at least two years of credit monitoring services for some 200 million users who had personal information stolen.

Yahoo revealed the data breaches in 2016, after it had already negotiated a $4.83 billion deal to sell its digital services to Verizon Communications (which it later reduced by $350 million as a result of reputation damage resulting from the breach). Verizon will now be responsible for half of the settlement cost, with the other half paid by Altaba Inc, the company set up to hold Yahoo's investments in Asian companies after the sale. Altaba already paid a $35 million fine imposed by the Securities and Exchange Commission for Yahoo's delay in disclosing the breach to investors, so this settlement -- due to be ruled by a judge on November 29 -- is quickly proving one of the biggest, and costliest, consumer data breaches in history.

Update 10/25/2018, 4:11AM ET: Adjusted headline to reflect that Yahoo agreed to the payment.