A proposed $117.5 million settlement involving multiple data breaches could net Yahoo users $100—but like the Equifax settlement, there’s a catch. You can only claim a $100 payout if you already pay for a credit-monitoring service. Otherwise, you’ll have to settle for two years of credit monitoring paid for by Yahoo.

The breaches affected Yahoo users who had an account from 2012 to 2016. In order to receive any benefits, you’ll need to file a claim online or by mail by July 20, 2020. In the largest breach, which happened in August 2013, three billion Yahoo accounts were compromised.

Users who object to the settlement or want to opt-out must do so by March 6, 2020.

The settlement sets up a $117.5 million pool of money for paying claims. That amount is fixed, meaning Yahoo users could end up getting less than $100 depending on how many people file claims. If fewer people than expected sign up, payouts could go as high as $358.80.

Here’s a look at the various breaches:

  • 2012 Data Security Intrusions: From at least January through April 2012, at least two different malicious actors accessed Yahoo’s internal systems. The available evidence, however, does not reveal that user credentials, email accounts, or the contents of emails were taken out of Yahoo’s systems.
  • 2013 Data Breach: In August 2013, malicious actors were able to gain access to Yahoo’s user database and took records for all existing Yahoo accounts—approximately three billion accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders. As a result, the actors may have also gained access to the contents of breached Yahoo accounts and, thus, any private information contained within users’ emails, calendars, and contacts.
  • 2014 Data Breach: In November 2014, malicious actors were able to gain access to Yahoo’s user database and take records of approximately 500 million user accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders, and, as a result, the actors may have also gained access to the contents of breached Yahoo accounts, and thus, any private information contained within users’ emails, calendars, and contacts.
  • 2015 and 2016 Data Breach: From 2015 to September 2016, malicious actors were able to use cookies instead of a password to gain access into approximately 32 million Yahoo email accounts.

The settlement provides “out-of-pocket costs for losses related to the data breaches; and reimbursement of some costs for those who paid for Yahoo premium or small business services.” The settlement fund will also cover attorneys’ fees, costs, and expenses.

A hearing is set for April 2, 2020, in San Jose to approve the settlement. Learn more at this website.