2016 may be over; Yahoo may have tried to get a new name, but the security disasters that came to light last year aren't letting go of the company. Authorities in the United States are now investigating whether the two massive data breaches that were publicized in 2016 should have been reported to the company's investors sooner. The Wall Street Journal, citing "people familiar with the matter," reports that the Securities and Exchange Commission has opened an investigation.
The Commission is looking into "whether the tech company’s disclosures about the cyberattacks complied with civil securities law."
SEC investigating why Yahoo delayed disclosing data breaches
In August last year, reports revealed a hacker was selling data of over 200 million Yahoo accounts on the dark web. The company admitted in September that it had suffered a breach in 2014 and disclosed that over 500 million users were impacted. Then in December, Yahoo announced that another billion accounts had been compromised in a separate breach in 2013. Stolen information included names, email addresses, phone numbers, birth dates, and hashed passwords.
It is still unclear why it took Yahoo over two years to disclose the incidents publicly after the breaches happened. Who made the decision to wait before this information was made public, no one knows as yet. The SEC wants to know why the tech giant kept the breaches a secret before disclosing them after its deal was closed with Verizon. Reports in December had suggested that some employees were aware of the data breach, but the company (or the employees) chose to remain silent.
Using Yahoo's case, the Commission is reportedly also looking to clarify to other companies "what type of disclosures it views as potentially violating the law in this area." Since in Yahoo's case, it's not "just about the potential for a data breach, but a deal blowing up because of a data breach,” John Reed Stark, a cybersecurity consultant told WSJ.
"The SEC investigation into the disclosures is in its early stages, and it’s too early to say whether it will result in any public action," the publication reported.
Yahoo is currently negotiating a deal with Verizon, who is reportedly seeking discounts after the breach reports were announced last year.
