View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 27, 2016updated 03 Oct 2016 4:33pm

World’s biggest data breach: 6 possible consequences for Yahoo!

500 million Yahoo email accounts were affected in the largest data breach ever.

By Alexander Sword

So much about the Yahoo breach is still unknown, including how it happened and what data was actually lost.

However, here are some key consequences of the breach which could impact Yahoo in the coming months and possibly years.


1. Lawsuits

There have already been reports of disgruntled Yahoo users launching lawsuits against the internet company.


Lawsuits have been filed against Yahoo over the breach.

One California-based group of plaintiffs filed a class action on behalf of all of those affected by the breach. This was done under several parts of the California Civil Code such as the Consumer Legal Remedies Act, the Federal Stored Communications Act and the Unfair Competition Act.

A man called Ronald Schwartz has also filed a suit in New York against Yahoo.

Considering that the breach affected 500 million accounts, the pay-outs could be massive.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

2. Reputation and brand damage

Yahoo has been struggling to keep up with its erstwhile competitors from its internet heyday such as Google.

Despite many acquisitions, it has failed to achieve the same adaption that its competitors have managed. For example, Yahoo has seen its share of internet search traffic snapped up by Google and other providers.

According to, as of July Yahoo had a global search share of 7.68 percent, behind Baidu at 8.8 percent, Bing at 11.31 percent and Google at 70.16 percent.

It is a shame, then, that a service which still held a hefty chunk of the market, email, has now been cast into disrepute.


TalkTalk saw a dip in profits after it was hit by a cyber attack.

TalkTalk saw its profits halve in the quarter following its data breach. If customers blame Yahoo for the breach or no longer trust Yahoo to protect their data there could be huge consequences.

This could deprive Yahoo of a rich repository of useful data and a key revenue stream.

Yahoo works as the email backbone for several other providers, such as BT. These companies may be keen to avoid attracting bad press from Yahoo’s breach and may aim to move more customers onto their own or other services.

3. Regulatory fines

Yahoo is lucky that the General Data Protection Regulation is not already in place; if this were the case, it could be looking at a fine of 2 percent of its annual worldwide turnover for taking two years to report the breach.

This doesn’t mean that there will be no response from data regulators, however. Several national data regulatory authorities, including the UK’s Information Commissioner’s Office (ICO) and Ireland’s Data Protection Commissioner are looking into the breach.


Elizabeth Warren of Massachussetts and other US senators signed a letter to Marissa Mayer raising questions about the hack.

In the US, according to a blog by Varonis, there is no “federal notification law with any teeth” that will apply in this case. However, a senator has asked the SEC to investigate the hack and a group of Democrat senators have written a letter to CEO Marissa Mayer demanding action.

However, in the state of California, the regulator requires notification on the discovery of unauthorised access.

“So Yahoo can expect a visit from the California attorney general in its future,” said Varonis.

4. Verizon buy-out and investor action

Yahoo’s investors include a small but determined faction of activist firms which have been agitating for a long time against the company’s performance.

As Mayer took maternity leave in December, Yahoo investor SpringOwl Asset Management proposed a new plan to cut the company’s workforce by 75 percent and oust her.

Spending on employee perks such as free food and iPhones came under particular criticism, as well as spending on lavish company events such as a $7 million Great Gatsby-themed party. SpringOwl said that the fact that 15 percent of Yahoo’s top performers left in the course of 2015 was an indictment of Mayer’s leadership.

Theoretically the opinions of investors don’t matter so much anymore; Yahoo is set to be sold off to Verizon for just under $5 billion.

There are clauses that Verizon could theoretically activate off the back of this information in order to terminate or renegotiate the deal.

If the deal does fall through then Yahoo may face tough action from investors as it searches for a new buyer: one that will likely offer less than the sum Verizon was willing to pay.


5. Degraded consumer experience

Whether Yahoo is hit by another breach or not, it now carries the stigma of being hit in a cyber breach.


Yahoo has a considerable share of the email market.

However, the loss of user data means that the customers that do not desert the platform could be subject to more cyber attacks and more spam due to the leaking of their email addresses on the internet.

As the email addresses were posted on the dark web, they were accessible to criminals who might collect them and use them for phishing or other large-scale attacks.

This may alienate Yahoo’s users by subjecting them to a possible barrage of new junk mail.

6. Security expenditure

In the long-term, Yahoo is going to have to demonstrate that it is taking security issues quickly.

Estimates for the proportion of a company’s earnings that should be spent on cyber security vary widely depending on whom you ask.

However, the company will be forced to start shelling out cash in order to ensure it is prepared for the next breach.

While Yahoo claims to have strict security practices, it will have to examine its defences as well as the poor policies in place that allowed a breach to go undetected for two years.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.