Last week, we reported that in the world of mergers and acquisitions, cybersecurity due diligence was trending upward. That trend is now likely to climb higher after a federal judge has ruled that data breach victims can sue Yahoo in the United States.

Verizon, which bought Yahoo, was seeking to have claims dismissed; but that bid was mostly not successful. Jonathan Stempel from Reuters reports, “Yahoo was accused of being too slow to disclose three data breaches that occurred from 2013 and 2016, increasing users’ risk of identity theft and requiring them to spend money on credit freeze, monitoring and other protection services.” All told, 3 billion users were affected.

While the judge dismissed some claims, she ruled that Yahoo had done little to address known security issues. And, according to plaintiffs’ allegation, had Yahoo users been aware of the lack of security, they would have “behaved differently.”

Get the full story at Reuters.