SEC fines Yahoo $35 million over 2014 email breach

Company formerly known as Yahoo! hit with $35 million fine in connection with 2014 Russian hack

SEC fines Yahoo $35 million over 2014 email breach

Sonatype President Bill Karpovich on concerns other companies are vulnerable to the same cyber attack as Equifax.

Altaba, the company formerly known as Yahoo, agreed to pay the Securities and Exchange Commission a $35 million fine for failing to disclose to investors a massive data breach for two years, the regulator announced Tuesday.

Yahoo's information security team had found that Russian hackers had swiped the company's "crown jewels", including usernames, email addresses, phone numbers, birthdates, encrypted passwords, and security questions and answers.

In scooping up Yahoo's digital services, Verizon's strategy was to meld the operations with its AOL division with an eye to becoming a bigger player in the growing market for digital ads.

"Although information relating to the breach was reported to members of Yahoo's senior management and legal department, Yahoo failed to properly investigate the circumstances of the breach and to adequately consider whether the breach needed to be disclosed to investors", the SEC said.

Apple Says It Will Replace Batteries on Select MacBook Pros
According to Forbes , Apple is offering free replacement batteries for certain models of the 13-inch MacBook Pro . You need to claim free battery replacement within the first five years after the purchase of MacBook Pro.

"We do not second-guess good faith exercises of judgment about cyber-incident disclosure". Equifax, for example, disclosed past year that hackers had obtained sensitive information, including Social Security numbers and dates of birth, for more than 143 million people. However, Verizon-owned Yahoo could also be facing some liabilities as there are several lawsuits on both the hacks that the company suffered in 2013 and 2014 but failed to disclose.

".we [have cautioned] that a company's response to such an event could be so lacking that an enforcement action would be warranted", Peikin said regarding the incident.

He said there was "a complete corporate failure to disclose information about the data breach that was widely known and readily available in the company". Equifax learned about the intrusion at the end of July 2017, but did not tell the public about it until mid-September.

The case highlights a common complaint in the wake of a growing number of cyber breaches: Companies often take months, sometimes years, to disclose a suspected breach, if they report them publicly at all.

Latest News