And the story continues to develop. Yahoo – or rather the company holding the remains of the company after the Verizon merger – will pay a fine of $35 million for its failure to disclose the significant data breach in 2014.
At that time, hackers supposedly stole usernames, email address, phone numbers, birth dates, encrypted passwords, and security questions from over 500 million Yahoo users.
As we learned last Fall, the amount of breaches at Yahoo continues to reoccur with 3 million accounts hacked.
The fine comes at a hefty price of 35 million by the Authority of the US Securities and Exchange Commission, which it announced yesterday. The fine will settle the charges against Yahoo for misleading investors and not informing them of the hack until September 2016, when they knew of the incident as early as December 2014. Essentially, Yahoo is being fined for not disclosing timely and keeping the information secret.
The fact that the large company hid the data breach is concerning – from investors and customers alike.
The originality of the hack has been traced back to Russian agents and other criminals. The US Justice department is currently trying to prosecute the individuals involved, which consist of two Russian intelligence agents, a Russian hacker named Magg and a Russian national living in Canada.
Disclosing a data breach late can permanently harm a business – and all of us. Read why in this ITSC article.