Yahoo will have to square off in court against victims of its massive data breaches spanning from 2013 to 2016, according to a Reuters report.
Verizon, Yahoo’s new parent company, had asked U.S. federal courts to dismiss all the victims’ claims of negligence and breach of contract, but a judge rejected that request late last week, allowing the bulk of the lawsuit to move forward.
The lawsuit claims that personal information belonging to several billion people was compromised in a series of three breaches. The victims are accusing Yahoo of waiting too long to disclose the data breaches, increasing the risk of identity theft, and requiring those affected to spend their own money on credit monitoring and protection.
In a ruling issued Friday night, U.S. District Court Judge Lucy Koh rejected almost all of Verizon’s dismissal requests, though she did dismiss a small number of claims. The same judge had previously denied other dismissal requests by Yahoo.
Verizon bought Yahoo’s internet business in June. The breaches were not made public until after Verizon announced its plans to purchase the company for nearly $4.5 billion. Ultimately, the disclosure resulted in Yahoo shaving $350 million from the sale price.
Months after the disclosure, in October, Yahoo dropped another bombshell by revealing that all 3 billion of its accounts had been compromised, not the 1 billion accounts it had initially estimated. The U.S. plaintiffs amended their lawsuit in response.
Koh, a San Jose-based judge, said the amended version suggests users might have made different decisions about using Yahoo Mail had they known about the breach.
“Plaintiffs’ allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System,” she wrote.
Yahoo allegedly knew its security was flawed well before the breaches but did little to improve it. However, the company has said it has gone to “unending” lengths to thwart attacks, despite long being the target of “relentless criminal acts.”
Two Russian intelligence officials and two hackers have been charged in the U.S. in connection with one of the breaches. Only one of the defendants has pleaded guilty thus far.