Yahoo’s recently-announced $80 million settlement of its data breach-related securities lawsuit may be a signal that the plaintiffs’ bar is going to pivot away from pursuing these claims in the form of shareholder derivative lawsuits. In their ongoing effort to capitalize on large-scale data breaches, to date, plaintiffs have struggled to survive motions to dismiss in data breach-related derivative lawsuits (e.g. Target and Wyndham Worldwide). Although the plaintiffs in the Home Depot derivative litigation were able to extract a $1.125 million settlement while the dismissal of that case was pending on appeal, those are not the outsized settlements that traditionally would keep plaintiffs’ lawyers circling.
The Yahoo settlement may not be the panacea to all would-be data breach-related plaintiffs’ woes. Some commentators opine that this settlement should not serve as a reference point for plaintiffs going forward given the unique nature of the Yahoo litigation. Indeed, there was a quantifiable financial impact on Yahoo when Verizon lowered its proposed acquisition price by $350 million based on the data breaches, which were only disclosed after the initial deal was announced. Thus, while the facts of the Yahoo litigation should be sufficiently distinct to limit the application of this settlement’s use as a baseline for future litigation, history tells us that it will likely play out differently at the negotiating table.
Although the $80 million settlement is not monumental based on the size of the settlement alone, and is silent as to whether it will be funded by Yahoo’s D&O insurers, it may have some important implications for pending securities lawsuits (e.g. Equifax, PayPal, and Qudian) since it is the first significant data-breach related shareholder litigation settlement. As a result, D&O insurers should be aware that plaintiffs’ lawyers are likely to pursue these securities class action lawsuits with increased vigor. And, plaintiffs will inevitably utilize the Yahoo settlement as a model for how these data breach-related shareholder securities suits should resolve. With plaintiff’s lawyers armed with this settlement, the potential severity of these data breach-related D&O claims should not go unnoticed.