In 2014, Yahoo! Inc. was involved in one of the largest known data breaches at that time. According to the statement made by the Securities and Exchange Commission (SEC), the data breach resulted in the theft, unauthorized access, and acquisition of hundreds of millions of its users’ data and personal information by Russian hackers. Yahoo neither admitted nor denied these accusations, but settled with the SEC and agreed to pay a $35 million fine.
Within days of the intrusion, Yahoo’s security team knew about the hackers, and the intrusion was reported to Yahoo’s senior management and legal department, but the information was not disclosed to outside counsel or auditors. The breach was only made known to external experts two years later, while Yahoo was closing a deal in which Verizon Communications, Inc. would buy Yahoo, after which it became known as Altaba Inc.
The SEC said that an enforcement action was warranted because the company’s response in reporting such an event was lacking. Additionally, the investigation will continue despite the penalty in order to ensure that cyber breaches and the risk of cyber breaches are properly disclosed and handled going forward. In an effort to prevent future failures of disclosure, the SEC published a statement with guidance on protocol for “Public Company Cybersecurity Disclosures.”