Yahoo fined USD 35 million by SEC for a 2014 data breach

Wednesday 25 April 2018 10:38 CET | News

The United States Securities and Exchange Commission has fined Yahoo USD 35 million for failing to disclose a security breach that took place in 2014.

The penalty is for the first Yahoo data breach that came to light in 2016 —the one where hackers stole the usernames, email addresses, phone numbers, birthdates, encrypted passwords, and security questions for over 500 million Yahoo users, according to Bleeping Computer.

Moreover, Yahoo filed its quarterly documents in November 2016, two months after announcing the first breach, admitting that it knew about the breach since 2014, and not 2016, when the breach became public. The SEC argues that Yahoo failed to protect shareholders when it hid the security breach and to set up proper disclosure controls and procedures for its information security team.

However, the fine is small in comparison to Yahoo’s value, according to the online security publication. Verizon bought parts of the original Yahoo company for USD 4.83 billion, and it renamed the Yahoo sections it acquired as Oath, while the leftover Yahoo divisions renamed into Altaba. The latter must now pay the SEC fine.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: SEC, Yahoo, data breach, penalty, fine, hackers, identity theft, US, online security
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: World
This article is part of category

Securing Transactions