View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 23, 2017

Yahoo faces new SEC data breach investigation

Investigation surrounds why the company took two years to disclose the data breach.

By James Nunns

The seemingly never ending data breach saga surround Yahoo has stepped up a notch after the U.S. Securities and Exchange Commission launched a new investigation into a previously disclosed data breach.

The purpose of the investigation is to discover whether Yahoo should have reported its two massive data breaches sooner to investors, according to the WSJ.

The SEC is said to have already opened the investigation and issued a request for document in December.

Yahoo is required to have reported the breaches in line with civil securities laws, with the SEC requiring that companies disclose any cybersecurity risks as soon as they are deemed to have an effect on investors.

The main bulk of the investigation is expected to closely examine the 2014 data breach which leaked the data of 500 million users. This breach was revealed in September 2016. SEC

Yahoo continues to face intense pressure regarding its future and the nature of the cyber attacks that hit it in both 2014 and 2013, with one billion user accounts being breached in 2013.

The company has failed to explain why it took two years to reveal the 2014 attack.

Content from our partners
How to turn the evidence hackers leave behind against them
Why food manufacturers must pursue greater visibility and agility
How to define an empowered chief data officer

This isn’t the first time the SEC has come in to investigate the reporting of a data breach. Target was previously under the microscope regarding a breach in 2013 that saw 70 million credit and debit card accounts hacked. The company reported the breach a few weeks after the breach began and the SEC didn’t recommend any enforcement action.

Although the SEC is investigating Yahoo, it has never taken action against a company for failing to disclose a cyber attack.

The SEC isn’t the only agency looking into the breach, with the Federal Trade Commission, the U.S. Attorney’s Office in Manhattan and a number of State Attorney Generals also said to be investigating.

Yahoo is expected to report its fourth-quarter earnings on Monday, after the market closes in the US.

Topics in this article: , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU