Altaba, the company formerly known as Yahoo, has agreed to pay a ?25 million fine to the US Securities and Exchange Commission (SEC) for failing to disclose the massive security breaches it suffered back in 2014.
The 2014 attack on Yahoo's server infrastructure saw millions of users' personal details leaked, including names, email addresses, telephone numbers, dates of birth, hashed passwords, and unencrypted security questions and answers. It wasn't until 2016 that the company went public with news of the breach, despite it having known about the breach two years prior - and it's the delay between the company being alerted to the issues and its users and investors receiving the same information which has now come around to bite it in the wallet in the form of a fine from the US Securities and Exchange Commission (SEC).
'We do not second-guess good faith exercises of judgement about cyber-incident disclosure,' SEC Enforcement Division co-director Steven Peikin explains. 'But we have also cautioned that a company?s response to such an event could be so lacking that an enforcement action would be warranted. This is clearly such a case.'
Reply With Quote
Bookmarks