Back in 2013, Yahoo was subject to a hacking attack, where as many as 3 billion user accounts (around 200 million people) were affected with personal data being stolen. This included names, birthdays, email addresses, phone numbers and more! Some users were subject to identity theft as a result of the security breach. There was a smaller data breach to follow in 2014, affecting around 50 million users.
Despite these data breaches taking place in 2013 and 2014, Yahoo failed to disclose the information until December 2016. As a result, the Securities and Exchange Commission (SEC) hit Yahoo with a $35 million fine for failing to notify everyone in a timely manor. This was back in April. At the time, the Securities and Exchange Commission reported that “Although information relating to the breach was reported to members of Yahoo’s senior management and legal department, Yahoo failed to properly investigate the circumstances of the breach and to adequately consider whether the breach needed to be disclosed to investors”. But this $35 million fine is just the start.
Although the California federal court still need to approve the settlement, according to reports, Yahoo have been ordered to pay $50 million in damages for the 200 million people across the US and Israel affected by the data breach. Yahoo must also provide users with credit monitoring services for 2 years going forward.
Since the 2013 and 2014 security breach, Yahoo have been purchased and taken over by Verizon which took place on 23rd June 2017. Verizon had agreed to purchase Yahoo’s main internet business for $4.8 billion but was reduced to $4.5 billion following Yahoo’s disclosure on the data breaches. As a result, Verizon will now have to pay half of the settlement, with the other half being taken care of by Altaba Inc..