[BreachExchange] Company formerly known as Yahoo will pay $35 million to settle federal charges over 2014 hack

[Audrey McNeil]

https://www.pbs.org/newshour/nation/company-formerly-known-
as-yahoo-will-pay-35-million-to-settle-federal-charges-over-2014-hack

The company formerly known as Yahoo is paying a $35 million fine to resolve
federal regulators’ charges that the online pioneer deceived investors by
failing to disclose one of the biggest data breaches in internet history.

The Securities and Exchange Commission announced the action Tuesday against
the company, which is now called Altaba after its email and other digital
services were sold to Verizon Communications for $4.48 billion last year.
The Sunnyvale, California-based company, which is no longer publicly
traded, neither admitted nor denied the allegations but did agree to
refrain from further violations of securities laws.

Personal data was stolen from hundreds of millions of Yahoo users in the
December 2014 breach attributed to Russian hackers. The SEC alleged that,
although Yahoo senior managers and attorneys were told about the breach,
the company failed to fully investigate. The breach wasn’t disclosed to the
investing public until more than two years later, when Yahoo was working on
closing Verizon’s acquisition of its operating business in 2016, the SEC
said.

“Yahoo’s failure to have controls and procedures in place to assess its
cyber disclosure obligations ended up leaving its investors totally in the
dark about a massive data breach,” Jina Choi, director of the SEC’s San
Francisco regional office, said in a statement.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180424/830ced0b/attachment.html>