Verizon, which acquired Yahoo in 2016 and renamed the business twice since (Oath, followed by Verizon Media), is attempting to settle the massive data breach the purple company admitted to shortly before being bought out.
In January of this year, a settlement of $50 million was rejected by Judge Koh of the US District Court for the Northern District of California. The revised settlement is now $117.5 million, with a number of conditions meant to rectify the prior settlement’s shortcomings that the judge brought to attention. According to cnn.com, the parent company had this to say:
“We believe that the settlement demonstrates our strong commitment to security,” a Verizon Media spokesperson told CNN Business.
Strong Commitment To Security?
Of course, when viewed in the light of the quite recent prior offer, it will be hard for the telecommunications giant to evade ridicule. For example, if this settlement demonstrates a “strong commitment to security,” what did the settlement in January demonstrate? A half-hearted one? Would the company be amenable to doubling the new figure so that they can show a “very strong” or “extra strong” or “extraordinary” commitment to security?
Granted, this is unfair to Verizon. After all, the company had the data breach fall onto their laps at the last moment. Verizon’s leadership and employees were literally not involved in the data breach in any way or form. In fact, the revelation of the data breach and its timing was such that, undoubtedly, some must have assumed that the move was a “poison pill” meant to derail the acquisition, such was the impact of the surprise disclosure.
In the end, however, Verizon bought Yahoo although it managed to knock off $350 million from the final price. (Initially, $925 million had been asked but rejected).
Assuming that the discount was meant to compensate Verizon for any legal issues arising from the data breach, it seems that Yahoo’s shareholders will feel doubly fleeced: once by Yahoo’s management and again by Verizon, which will keep a cool $132 million or so from the discount if this new settlement is accepted by the judge.
What the Calculations Reveal
What’s really behind the updated settlement figures is probably the following as opposed to a strong commitment to security on the part of Verizon. When Judge Koh rejected the settlement in January, she noted (our emphases):
“The only numbers to which the parties commit in the settlement agreement, motion for preliminary approval, and proposed notice are $50 million for the settlement fund, up to $35 million in attorneys’ fees, and up to $2.5 million in attorneys’ costs and expenses, for a total of $87.5 million,” Koh’s January ruling said. “Based on these numbers, attorneys’ fees would be 40 percent of the settlement fund. Taking account of the additional funds the parties disclosed under seal in their supplemental filing, the Court finds that the attorneys’ fees request remains much greater than the 25 percent benchmark standard used in this Circuit.”
The only way to bring down the attorney’s fees as a percentage (short of asking them to lower it, which probably won’t be happening) is to jack up the settlement figure, assuming the attorney’s fees remain fixed. Indeed, you’d have to nearly double the settlement, which is what this new figure doesn’t quite represent, unless you only base the calculations on the $50 million portion.
If you do, the updated settlement is actually more than what would be necessary to fulfill the “25% benchmark standard,” but Judge Koh did point out some other issues with the original settlement which could only serve to increase the amount, not decrease it.
Regardless, it’s hard to ignore that perhaps the new settlement represents less a commitment to security and more of a commitment to appeasing a judge that’s proved herself to be an obstacle to a final resolution.
On the other hand, Verizon very recently released patches to fix router vulnerabilities, an action that many companies never engage in. Continued moves like this would effectively highlight Verizon’s commitment to information security, much more so than the many millions it pays in settlements using money it wrestled from somewhere else.
Related Articles and Sites: