The New York Times reports that corporate officers for Yahoo! have been successfully sued for their conduct in the Yahoo! data breaches.
The former officers and directors agreed to pay $29 million. But a couple of notes on this:
No one who had their data stolen will get any money out of this.
Lawyers will get about $11 million of the settlement; the rest goes to the company.
The officers and directors aren’t actually paying the money; their insurance company is picking up the tab.
The actual wording of the settlement is:
As consideration for the Settlement, and subject to the terms and conditions of the Stipulation, the Settling Defendants, as separately agreed between them, shall cause their insurance carriers to pay twenty-nine million dollars ($29,000,000.00) in cash
Will this cause insurance companies to become more involved in the monitoring of the security of the companies they insure?
Full disclosure: I work part-time on FICO’s Enterprise Security Score, which calculates the relative likelihood that a company will have a significant breach over the next year.
PS. Looking for the ESS link above, I ran across this handy video that helps explain ESS. I work on ESS, and I didn’t even know about this video. I guess that is what happens when you work for a largish company.