Oklahoma Firefighters Pension and Retirement System v. Eric Brandt et al.

On February 20, 2017, BLB&G filed a complaint in the Delaware Chancery Court on behalf of the Oklahoma Firefighters Pension and Retirement System and derivatively on behalf of Nominal Defendant Yahoo! Inc. (“Yahoo” or the “Company”) against current directors and senior executives’ officers of the Company (the "Defendants").  The Complaint was filed following an extensive investigation, including obtaining books and records of Yahoo pursuant to Section 220 of the Delaware General Corporations Law.

The Complaint alleges breaches of fiduciary duties by the Company’s board of directors and senior executive officers to conceal the largest security breach in history for a single website that compromised sensitive private information for more than 500 million Yahoo users.  Yahoo has subsequently admitted in public filings that the Company knew about the security breach as early as December 2014, but failed to disclose them to Yahoo users (the “2014 Security Incident”).  The Complaint alleges that the failure to timely disclose the 2014 Security Incident violated the law and was inconsistent with Yahoo’s past practices, and has exposed the Company to significant damages, investigations and lawsuits.

The Complaint further alleges that the board of directors and senior executive officers breached their fiduciary duties by causing the Company to conceal the 2014 Security Incident from Verizon Communications (“Verizon”) and Yahoo stockholders in order to facilitate a sale of the Company’s core business.  On July 25, 2016, Yahoo announced a deal with Verizon to sell Yahoo’s core business for $4.83 billion in cash, which included Yahoo’s advertising, content, search, and mobile activities.  As part of the sale agreement, the board of directors and senior executive officers caused Yahoo to represent and warrant to Verizon that the Company did not know of any security incidents impacting the Company’s systems.  However, the Complaint alleges that at the time these representations and warranties were made, Defendants knew of the 2014 Security Incident but failed to disclose it to Verizon.  As a result, Defendants caused the Company to agree to materially false representations and warranties, which allowed Verizon to reduce its offer by $350 million and require Yahoo to accept responsibility for at least 50% of any damages recovered by Yahoo users.

Plaintiff seeks to hold Defendants liable for their breaches of fiduciary duty for actively concealing the 2014 Security Incident, which has already caused substantial damages to the Company, injury to its reputation, and subjected it to numerous investigations and lawsuits. 

The parties have agreed to a $29 million proposed settlement. The Court granted preliminary approval of the settlement on October 26, 2018, and following notice to the stockholders, the Court approved the settlement at a hearing on January 4, 2019. This is the first and to date the only derivative action to ever obtain a cash recovery for a data breach. At the settlement hearing, Judge Walsh complimented counsel on both sides, stating that despite the tough issues dealt with in the case, "...on both sides, the intelligence, the persistence, the professionalism was a joy to behold. You're a credit to your clients and I hope they appreciate the fine work you did for them, and a credit to your profession. It was a pleasure to work with you."