Yahoo Just Got Caught Tracking 300M Users, Claim Your $405 Before December 27 In Class Action Lawsuit

ByAll About Lawyer Reading Time: 11 minutes

In April 2025, Yahoo faces a new federal class action lawsuit (Caplan v. Yahoo Inc., Case No. 1:25-cv-02943) alleging the company secretly tracked 300 million users through its ConnectID technology without consent, circumventing browser privacy protections to build comprehensive user profiles for targeted advertising. Simultaneously, Canadian Yahoo users can still file claims until December 27, 2024, for the $20 million data breach settlement paying up to $405, while the historic $117.5 million U.S. settlement closed in 2020 but established precedent for data privacy violations.

The new ConnectID lawsuit exposes Yahoo’s alleged transformation into a “centralized identity broker” that tracks users across websites and devices—exactly what privacy mechanisms are designed to prevent.

The 2025 ConnectID Privacy Tracking Lawsuit

Plaintiff James Caplan filed the lawsuit in New York federal court, claiming Yahoo’s ConnectID technology represents a privacy-invasive workaround to mechanisms designed to prevent user-based tracking.

How ConnectID Allegedly Circumvents Privacy Protections

Yahoo released ConnectID in 2020 after Apple and Google announced they would phase out third-party cookies and Apple would restrict mobile identifiers. The technology assigns unique identifiers tied directly to users’ email addresses.

According to the complaint, ConnectID operates through server-side data collection that permits Yahoo and partners to track users even when they clear cookies or browse in private mode. Safari can block third-party cookies, but ConnectID allegedly achieves the same invasive tracking while evading browser restrictions.

“Yahoo’s role as a centralized identity broker allows it to uniquely identify individuals and recognize them across websites and devices—exactly what privacy-preserving mechanisms are meant to prevent, and all without user consent,” the lawsuit states.

Yahoo Just Got Caught Tracking 300M Users, Claim Your $405 Before December 27 In Class Action Lawsuit

300 Million Users Allegedly Tracked Without Consent

Yahoo confirmed through ConnectID it successfully identified over 300 million logged-in users. The lawsuit claims the system intercepts email addresses and identifying information when users log into websites—not just Yahoo’s own sites, but partner and third-party sites as well.

The complaint alleges Yahoo uses ConnectID to build comprehensive profiles based on users’ searches, purchases, location information, and online behavior for targeted advertising and to train machine learning algorithms.

“Caplan did not consent to Yahoo intercepting his unique identifiers and other personal data, assigning and using unique identifiers to track him across internet-enabled services and devices, or intercepting and using the contents of his private communications for profit,” the lawsuit states.

Yahoo’s Privacy Policy Allegedly Omits ConnectID Disclosure

The lawsuit claims Yahoo’s Privacy Policy makes no mention of ConnectID, how it works, or that the identifier is tied directly to email addresses and personally identifiable information.

The policy expressly states Yahoo does not share personally identifiable information like phone numbers or email addresses with partners such as publishers and advertisers—yet ConnectID allegedly does exactly that through server-side tracking invisible to users.

Class Members and Affected Yahoo Users

The proposed class includes:

  • California residents with Yahoo email accounts who also had accounts with CBS Sports, Realtor.com, Huffington Post, or Us Weekly
  • All Yahoo users whose email-based identifiers were used for tracking without consent
  • Individuals tracked across partner websites and third-party platforms between 2020 and present

The lawsuit seeks damages for violations of state privacy laws and wiretap statutes, plus injunctive relief requiring Yahoo to disclose ConnectID practices and obtain user consent.

Yahoo’s $4.8 Billion Advertising Business Built on User Tracking

The complaint details how Yahoo transformed from an early internet email provider into a significant player in data, marketing, and ad tech markets.

Beginning with its 2007 purchase of Right Media and continuing through acquisitions of Flurry Analytics and BrightRoll in 2014, Yahoo acquired market and ad tech companies to develop a “user-based online targeting business.”

These acquisitions proved so lucrative that Verizon purchased Yahoo for $4.8 billion in 2017. Yahoo’s value was derived from the new forms of persistent, user-based online tracking it developed through these acquisitions.

When privacy-focused browsers began restricting cookies and mobile identifiers, Yahoo needed new tracking methods to maintain its advertising revenue—allegedly leading to ConnectID’s creation as a workaround.

The $117.5 Million Data Breach Settlement: Final Payments Distributed

While the ConnectID lawsuit represents new allegations, Yahoo’s historic $117.5 million data breach settlement related to 2012-2016 security breaches has concluded in the United States, with claim deadlines long past.

What the 2012-2016 Settlement Covered

The settlement resolved litigation over data breaches affecting all 3 billion Yahoo accounts between 2012 and 2016. Breaches exposed usernames, passwords, email addresses, phone numbers, dates of birth, security questions and answers, and other account information.

Final Settlement Terms:

  • $117.5 million settlement fund approved
  • Two years of credit monitoring services through AllClear ID
  • Alternative cash payments of $100-$358 for those with existing credit monitoring
  • Up to $25,000 reimbursement for documented out-of-pocket losses including fraud and identity theft
  • Up to $375 (15 hours at $25/hour) for time spent responding to breaches
  • Partial refunds for paid Yahoo premium services during the breach period

The U.S. claim deadline was July 20, 2020, and final approval occurred shortly thereafter. Class members who filed valid claims received payments distributed over the following years.

Why the Settlement Amount Was So Low Per Person

Despite the $117.5 million fund, individual payouts proved minimal because the settlement covered 194 million potential U.S. class members. After deducting attorney’s fees, administrative costs, and incentive awards ($7,500 for each of 16 named plaintiffs), the remaining funds were divided among hundreds of thousands of claimants.

Many recipients reported receiving less than $50 despite claims for $100-$358, as the final payout amount depended on total valid claims filed.

Canadian Yahoo Settlement: Claims Open Until December 27, 2024

Canadian Yahoo users still have time to file claims for a separate $20 million settlement approved by the Ontario Superior Court covering the same 2012-2016 data breaches.

Canadian Settlement Payment Details

Eligibility Requirements:

  • Canadian residents with Yahoo accounts between January 1, 2012 and December 31, 2016
  • Did not opt out of the class action
  • Must file claim by December 27, 2024

Payment Structure:

  • Category A Claims: Up to $405 for documented losses
  • Category B Claims: Standard payment for basic eligibility without documented losses
  • Interac e-transfers began August 26, 2025
  • Cheque payments mailed starting August 29, 2025

The Canadian settlement faced years of delays due to objections filed by Saskatchewan plaintiff Emily Larocque, but her appeals were dismissed by the Saskatchewan Court of Appeal on May 25, 2023, clearing the way for distribution.

How to File a Canadian Yahoo Claim

Visit the official Canadian settlement website at yahooclassaction.com to complete and submit claim forms before the December 27, 2024 deadline.

Required information includes:

  • Yahoo account email address used between 2012-2016
  • Proof of Canadian residency during the class period
  • Documentation for Category A claims (receipts, bank statements, time logs)

Contact RicePoint Administration by phone or email with questions about payment status or claim forms.

Yahoo Just Got Caught Tracking 300M Users, Claim Your $405 Before December 27 In Class Action Lawsuit

Legal Statutes Violated in Yahoo Lawsuits

The ConnectID lawsuit and previous data breach litigation invoke multiple federal and state legal protections.

California Invasion of Privacy Act (CIPA)

California’s wiretap statute prohibits intentional interception of electronic communications without consent. The ConnectID lawsuit alleges Yahoo violated CIPA by intercepting users’ email addresses and communications data without authorization.

CIPA allows statutory damages of $5,000 per violation, meaning potential liability could reach billions if a jury finds Yahoo violated the statute for 300 million tracked users.

California Consumer Privacy Act (CCPA)

The CCPA requires businesses to disclose data collection practices and obtain consent before selling personal information. The ConnectID lawsuit claims Yahoo failed to disclose its email-based tracking or provide opt-out mechanisms as required.

CCPA violations carry civil penalties up to $7,500 per intentional violation, plus private right of action for data breaches allowing consumers to recover $100-$750 per incident.

Computer Fraud and Abuse Act (CFAA)

The federal CFAA prohibits unauthorized access to computer systems and data. The data breach litigation alleged Yahoo negligently allowed unauthorized access to its systems, exposing billions of users’ personal information.

While the CFAA primarily creates criminal liability, civil causes of action exist for damages resulting from unauthorized access.

State Data Breach Notification Laws

All 50 states have data breach notification statutes requiring companies to inform consumers of security breaches within specific timeframes—typically 30-90 days after discovery.

Yahoo violated California’s breach notification law by waiting years to disclose the 2013 and 2014 breaches. The company only announced the incidents in late 2016, despite allegedly knowing about them years earlier or failing to detect them for extended periods.

Comparison to Similar Data Privacy Class Actions

The Yahoo litigation mirrors broader trends in data privacy enforcement and class action settlements.

Facebook Cambridge Analytica Settlement: $725 Million

In 2022, Meta agreed to pay $725 million to settle claims it improperly shared users’ personal information with Cambridge Analytica. Payments began distributing in September 2025, with individual payouts ranging from $30-$400 depending on total claims filed.

Like Yahoo, Facebook faced allegations it violated user privacy by allowing third parties to access personal data without proper consent or disclosure.

Equifax Data Breach Settlement: $700 Million

The 2019 Equifax settlement covering 147 million affected consumers initially promised $125 cash payments but ultimately paid less than $10 per claimant after overwhelming claim submissions depleted the fund.

The Equifax experience demonstrates how large settlements can yield minimal individual payments when divided among millions of class members.

Google Location Tracking Settlement: $391.5 Million

In 2022, Google paid $391.5 million to settle allegations it deceived users about location tracking practices. The settlement required Google to provide clearer disclosures about data collection and allow easier opt-outs.

The Yahoo ConnectID lawsuit follows similar patterns—alleging a tech giant deceived users about tracking practices while collecting data for advertising purposes.

What Yahoo Users Should Do to Protect Privacy

While the U.S. data breach settlement has closed, Yahoo users concerned about ConnectID tracking can take immediate protective actions.

Immediate Privacy Protection Steps:

  1. Review Yahoo Privacy Settings: Check account security and privacy controls at account.yahoo.com/security
  2. Enable Two-Factor Authentication: Add extra security layer to prevent unauthorized access
  3. Review Third-Party App Permissions: Revoke access for apps and websites you no longer use
  4. Use Privacy-Focused Browsers: Consider Firefox, Brave, or Safari with tracking prevention enabled
  5. Install Privacy Extensions: uBlock Origin, Privacy Badger, and similar tools block trackers
  6. Delete Unused Yahoo Accounts: If you no longer use Yahoo services, close your account completely

Opting Out of Yahoo’s Data Sharing

Yahoo allows some opt-out options through its privacy dashboard, though the ConnectID lawsuit alleges these options don’t adequately prevent email-based tracking.

Visit Yahoo’s Privacy Controls page to:

  • Opt out of personalized advertising
  • Delete web search history
  • Control what information Yahoo shares with partners
  • Download your account data

How to Join the ConnectID Class Action Lawsuit

The ConnectID lawsuit seeks class certification to represent all affected Yahoo users. Individuals don’t need to take action to be included—if the court certifies the class, all qualifying users will automatically be class members unless they opt out.

To Support the Case:

Attorneys handling the ConnectID lawsuit are seeking additional affected users to strengthen the case with more evidence of Yahoo’s tracking practices.

Contact information:

  • Lead counsel: Milberg Coleman Bryson Phillips Grossman PLLC
  • Case name: Caplan v. Yahoo Inc.
  • Case number: 1:25-cv-02943
  • Court: U.S. District Court for the Southern District of New York

Document your experiences by:

  • Saving examples of Yahoo ads following you across websites
  • Recording instances of ads related to Yahoo email content
  • Noting when Yahoo appears to track your location or purchases
  • Preserving any Yahoo privacy policy communications

Expert Legal Analysis: Case Trajectory and Settlement Potential

Privacy law experts note several factors that could influence the ConnectID lawsuit’s outcome.

Strengths of the Plaintiffs’ Case:

Technology Evidence: Yahoo publicly confirmed ConnectID tracked 300 million users, providing documentary proof of the system’s scope and capabilities.

Privacy Law Evolution: Courts increasingly recognize privacy as a fundamental right, with recent decisions strengthening consumer protections against unauthorized data collection.

Similar Case Precedents: Recent settlements with Google, Facebook, and other tech companies establish that courts take privacy violations seriously and award substantial damages.

Weaknesses Yahoo May Exploit:

Service Agreement Defenses: Yahoo will argue users consented to data collection through terms of service and privacy policies, even if specific technologies weren’t disclosed.

No Concrete Harm: Plaintiffs must prove actual damages from tracking, not just privacy invasion. Courts sometimes dismiss data privacy claims lacking financial harm.

Federal Preemption: Yahoo may argue federal law preempts state privacy claims, though this defense has failed in similar cases.

Settlement Timeline and Potential Outcomes

The ConnectID lawsuit remains in early stages. Based on similar data privacy litigation, the case likely will follow this trajectory:

Expected Timeline:

  • 2025: Motion to dismiss, discovery disputes, class certification briefing
  • 2026: Class certification decision, substantive discovery, expert reports
  • 2027: Summary judgment motions, mediation, potential settlement negotiations
  • 2028: Trial if settlement fails, or final settlement approval

Most class actions settle rather than proceed to trial. If Yahoo follows the pattern of Facebook and Google settlements, negotiations could produce a $100-$500 million resolution within 2-3 years.

Potential Settlement Terms:

  • Cash compensation fund for affected users
  • Injunctive relief requiring ConnectID disclosure and consent mechanisms
  • Yahoo policy changes limiting email-based tracking
  • Independent privacy audits for 3-5 years
  • Attorney’s fees (typically 25-33% of settlement fund)

Resources for Yahoo Users and Class Members

Government Privacy Resources:

Settlement Information:

Privacy Tools and Education:

Frequently Asked Questions

Can I still file a claim for the Yahoo data breach settlement?

U.S. residents cannot file new claims—the July 20, 2020 deadline has passed. However, Canadian residents can file claims until December 27, 2024, for the $20 million Canadian settlement at yahooclassaction.com. Canadian payments up to $405 are currently being distributed via Interac e-transfer and cheque.

What is Yahoo ConnectID and how does it track me?

ConnectID is Yahoo’s email-based tracking system that assigns unique identifiers to users, allowing Yahoo to track activity across websites and devices even when you clear cookies or use private browsing. The April 2025 lawsuit alleges Yahoo uses ConnectID to intercept email addresses when you log into partner websites, building comprehensive profiles without consent.

How much money did people receive from the Yahoo settlement?

U.S. settlement payments varied widely. Those claiming only credit monitoring or $100 alternative compensation received minimal amounts (often under $50) due to the large number of claims. Those with documented out-of-pocket losses up to $25,000 received reimbursement based on submitted receipts. Canadian settlement payments are currently distributing with amounts up to $405.

Am I automatically included in the ConnectID class action lawsuit?

If the court certifies the class, all qualifying Yahoo users will automatically be class members unless they opt out. You don’t need to take action to be included. Certification typically occurs 1-2 years after filing. Monitor the case at the official settlement website if one is established.

What legal violations is Yahoo accused of in the ConnectID case?

The lawsuit alleges violations of California’s Invasion of Privacy Act (wiretap statute), California Consumer Privacy Act, and other state privacy laws. Yahoo allegedly intercepted electronic communications without consent, failed to disclose data collection practices, and circumvented privacy protections designed to prevent user tracking.

Why did the original Yahoo settlement pay so little per person?

The $117.5 million fund covered 194 million potential class members. After deducting attorney’s fees (typically 25-33%), administrative costs, and incentive awards, the remaining amount was divided among hundreds of thousands of claimants, resulting in minimal individual payments despite the large total settlement.

How do I opt out of Yahoo ConnectID tracking?

Visit Yahoo’s Privacy Controls dashboard to opt out of personalized advertising and limit data sharing. However, the lawsuit alleges these controls don’t prevent email-based ConnectID tracking. For maximum protection, use privacy-focused browsers with tracking prevention, install ad blockers, and consider closing unused Yahoo accounts.

Legal Disclaimer: This information is for educational purposes only and does not constitute legal advice. Consult an attorney specializing in class action litigation or data privacy law for legal guidance regarding your specific situation.

Related Articles:

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *