The penalty is for the first Yahoo data breach that came to light in 2016 —the one where hackers stole the usernames, email addresses, phone numbers, birthdates, encrypted passwords, and security questions for over 500 million Yahoo users, according to Bleeping Computer.
Moreover, Yahoo filed its quarterly documents in November 2016, two months after announcing the first breach, admitting that it knew about the breach since 2014, and not 2016, when the breach became public. The SEC argues that Yahoo failed to protect shareholders when it hid the security breach and to set up proper disclosure controls and procedures for its information security team.
However, the fine is small in comparison to Yahoo’s value, according to the online security publication. Verizon bought parts of the original Yahoo company for USD 4.83 billion, and it renamed the Yahoo sections it acquired as Oath, while the leftover Yahoo divisions renamed into Altaba. The latter must now pay the SEC fine.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now