Last week, Yahoo issued another warning to some of its customers telling them that their personal information may have been compromised in a data breach. This is the third notification to Yahoo users that their information has been exposed. [view related posts here and here].

The discovery was revealed during the investigation of the massive breach it reported last September. The notification states, “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.” The outside forensic firm has identified user accounts that contained the forged cookies to allow the hackers to access their accounts without a password.

As if this isn’t enough, Yahoo shareholders filed a shareholders’ derivative suit in Delaware claiming that the company breached its fiduciary duty by failing to alert 1.5 billion users that their information was stolen by hackers. The main plaintiff is the Oklahoma Firefighters Pension and Retirement System. The suit is against Yahoo, the Chairman of the Board, the company’s co-founder and its CEO.

The Yahoo breach is reported to be the largest in history.