In the event of a determination adverse to the Fund, its subsidiary, directors, or officers in these matters, the Fund may incur substantial monetary liability, which could have a material adverse effect on the Fund’s financial position or results of operations. The Fund may also incur substantial legal fees, which are expensed as incurred, in defending against these claims.
From time to time the Fund may enter into confidential discussions regarding the potential settlement of pending proceedings, claims or litigation. There are a variety of factors that influence the Fund’s decisions to settle and the amount (if any) the Fund may choose to pay, including the strength of its case, developments in the litigation, the behavior of other interested parties, the demand on management time and the possible distraction of the Fund’s employees associated with the case and/or the possibility that the Fund may be subject to an injunction or other equitable remedy. In light of the numerous factors that go into a settlement decision, it is difficult to predict whether any particular settlement is possible, the appropriate terms of a settlement or the opportune time to settle a matter. The settlement of any pending litigation or other proceedings could require the Fund to make substantial settlement payments and result in the Fund incurring substantial costs.
Security Incidents Contingencies
On September 22, 2016, the Fund disclosed that a copy of certain user account information for approximately 500 million user accounts was stolen from the Fund’s network in late 2014 (the “2014 Security Incident”). On December 14, 2016, the Fund disclosed that, based on its outside forensic expert’s analysis of data files provided to the Fund in November 2016 by law enforcement, the Fund believes an unauthorized third party stole data associated with more than one billion user accounts in August 2013 (the “2013 Security Incident”). Verizon subsequently disclosed that the 2013 Security Incident involved over three billion user accounts. In November and December 2016, the Fund disclosed that based on an investigation by its outside forensic experts, it believes an unauthorized third party accessed the Fund’s proprietary code to learn how to forge certain cookies. The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken in 2015 and 2016 (the “Cookie Forging Activity”). The 2013 Security Incident, the 2014 Security Incident, and the Cookie Forging Activity are collectively referred to herein as the “Security Incidents.” The total cumulative amount accrued and paid related to the Security Incidents was $154 million.
Numerous putative consumer class action lawsuits were filed against the Fund in U.S. federal and state courts, and in foreign courts, relating to the Security Incidents, including the following: (1) In Re: Yahoo! Inc. Customer Data Security Breach Litigation, U.S. District Court for the Northern District of California Case No. 5:16-md-02752-LHK (“Federal consumer class action”); (2) Yahoo! Inc. Private Information Disclosure Cases, Superior Court of California, County of Orange Case No. JCCP 4895 (“California consumer class action”); (3) Demers v. Yahoo! Inc., et al., Province of Quebec, District of Montreal Superior Court Case Nos. 500-06-000841-177 and 500-06-000842-175; (4) Gill v. Yahoo! Canada Co., et al., Supreme Court of British Columbia, Vancouver Registry Case No. S-168873; (5) Karasik v. Yahoo! Inc., et al., Ontario Superior Court of Justice Case No. CV-16-566248-00CP (“Karasik”); (6) Larocque v. Yahoo! Inc., et al., Court of Queen’s Bench for Saskatchewan Case No. QBG 1242 of 2017; (“Larocque action”) (7) Lahav v. Yahoo! Inc., Tel Aviv-Jaffa District Court Case No. 61020-09-16 (“Lahav”); and (8) Reinzilber v. Yahoo! Inc., Tel Aviv-Jaffa District Court Case No. 7406-08-17 (“Reinzilber”). Plaintiffs, who purport to represent various classes of users, generally claim to have been harmed by the Fund’s alleged actions and/or omissions in connection with the Security Incidents and assert a variety of common law and statutory claims seeking monetary damages or other related relief. In October 2018, the Fund announced that it had reached an agreement with plaintiffs’ counsel to resolve all pending claims in the federal and California consumer class actions. On December 3, 2018, the Tel Aviv-Jaffa District Court granted plaintiffs’ counsel petition to dismiss the Lahav and Reinzilber actions, in view of the proposed settlement of the federal consumer class action. On January 28, 2019, the Court in the federal consumer class action denied the plaintiff’s motion for preliminary approval of the proposed settlement. On April 8, 2019, the parties filed a revised settlement agreement and renewed motion for preliminary approval. On July 20, 2019, the Court granted preliminary approval. On July 22, 2020, the Court granted final approval and entered judgment. Several class members have filed appeals or intervened in the appeal to object to the settlement. On June 27, 2022, the appellate court issued an opinion affirming the federal consumer class action settlement. On July 19, 2022, the appellate court issued a mandate to close the case.
The Fund has also reached an agreement with plaintiffs in the Karasik action with the aim of resolving pending claims in the Canadian consumer class action cases. The Ontario Superior Court of Justice has approved the settlement. The settlement is
13