The Northern District of California recently approved Yahoo’s $117.5 million settlement of a class action involving a series of data breaches.  One plaintiff objected to the settlement on the ground that the vendor chosen to provide data monitoring under the settlement, AllClear ID, had over a hundred prior complaints against it related to services provided in connection with other data breach settlements.  The objection was overruled by the district court, and the settlement approved.

The plaintiff has now appealed that approval to the United States Court of Appeals for the Ninth Circuit, claiming that by approving the settlement, the district court improperly disregarded these complaints in light of, among other factors, AllClear’s A+ rating with the Better Business Bureau.  This failure to account for complaints against AllClear, the plaintiff argues, impairs the rights of absent class members who may not receive the benefits of the credit monitoring in the settlement if there are additional issues.

The gist of the appeal is that these hundred or so consumer complaints, which were raised by an unspecified fraction of the class members in large data breach class action settlements over the course of several years, are evidence that the district court’s approval of the same credit monitoring as part of the settlement was unreasonable.  Plaintiff also contends that by relying on the Better Business Bureau’s A+ rating of AllClear, the court abandoned its duty to protect the class and delegated that duty to the BBB. Based on this, the plaintiff asks the Ninth Circuit to vacate the entirety of the settlement and have the district court more specifically address the plaintiff’s objections.

As challenges to increasingly ubiquitous offers of credit monitoring in response to data breaches become more commonplace, the outcome of these challenges may have severe and far-reaching consequences, particularly if these settlements are upset or vacated.   We’ll keep you up to date on how this all shakes out.