Privacy News Yahoo Under SEC Investigation for Taking Too Long to Reveal Data Breaches

[Exterminator]

Yahoo is in big trouble with US authorities due to how it handled the massive data breaches it disclosed last year, more specifically its failure to inform investors of the issues at an earlier time.

The United States Securities and Exchange Commission (SEC) has launched an investigation, the Wall Street Journal reports, which is yet in its early stages. The point of it all is to figure out whether the way Yahoo disclosed the information is in compliance with the civil security laws in place.

Yahoo admitted in a quarterly filing that it was cooperating with federal, state and foreign agencies that were all seeking both information and actual documents regarding the security incident and any related matters.

Last year, Yahoo revealed the top two largest data breaches in history, going as far as to say that a state-sponsored actor was at the root of it all, without giving a name.

Yahoo's hacker problem
The first hack was reported in September. At the time, they said some 500 million user accounts had been affected. Yahoo claimed hackers stole names, email addresses, telephone numbers, dates of birth, hashed passwords, as well as encrypted or unencrypted security questions and answers. Sensitive banking information such as account numbers and credit card data were safe from the prying eyes of the hackers.

The problem is that it all started over a month before this announcement, when a hacker claimed to be selling data from 200 million Yahoo users, data that was extracted in 2014. The company announced that it was investigating the situation, but it took nearly two months before it revealed the magnitude of the breach.

The second hack, the largest in history so far, was revealed in December. Then, Yahoo said over 1 billion accounts had been compromised, with the data having been stolen in August 2013. This time, the hackers stole names, email addresses, telephone numbers, hashed passwords, dates of birth, as well as encrypted and unencrypted security questions and answers for some of those accounts. Yahoo believes this all happened after an unauthorized third party accessed the proprietary code, which it then used to forge cookies.

Yahoo has been in hot water ever since then, especially since it was already in talks of a takeover with Verizon. There have been many questions as to why it took so long for Yahoo to figure out its data had been stolen and just what it does to protect its users across the world.

Earlier this month, it was revealed that Yahoo’s operating business will still be moving under Verizon’s umbrella under a $4.8 billion deal, while whatever is left of Yahoo will be renamed Altaba Inc. Altaba is a holding company for that 15% stake Yahoo has in Alibaba and the 35.5% stake it has in Yahoo Japan.