Do we know anything about what was "lax" at Yahoo? I certainly doubt that the lawyers involved in this have the slightest clue if there was any negligence at all involved. Their calculus is "wow, millions of accounts compromised. Let's go class action!"
And then I read through the comments here, and there is indignation at such weak security and lax procedures and they shouldn't just be sued they should all be taken out and shot and big corporations are teh evil!!
What we do know is that the hackers targeting the company were "state sponsored". That means that the equivalent of the NSA targeted Yahoo for penetration.
Does Slashdot really think that China's Ministry of State Security doesn't have the resources to hack into your server? Or the Russian FSB? You really don't think they have the resources to penetrate competently implemented security, particularly when an enterprise comprises tens of thousands of people and hundreds of thousands of devices?
For all I know, Yahoo had an intern drive a box of backup tapes with all of the account info unencrypted to the dump and that's how they got hacked. But somehow I think it was a little more sophisticated than that. And my first thought certainly wouldn't be gross negligence.
And I'm pretty sure the lawyers don't have the slightest bit of evidence that it was gross negligence at this point. They just see the size of the whale, and they'll seek to prove their case later. Or just make enough noise to get a big pile of cash to go away.
If they really had something, I'd feel differently. But somehow I doubt they have anything at all at this point.