Massive Cybersecurity Breach

The Securities and Exchange Commission announces Altaba’s failure to disclose a massive cybersecurity breach, dating back to 2014. In doing so Altaba, formerly known as Yahoo! Inc., agrees to pay a $35 million penalty to settle charges. Altaba is negligent in misleading investors by failing to disclose one of the world’s largest data breaches. For context, the breach was extensive in that hackers stole personal data relating to hundreds of millions of user accounts.

“According to the SEC’s order, within days of the December 2014 intrusion, Yahoo’s information security team learned that Russian hackers had stolen what the security team referred to internally as the company’s “crown jewels”: usernames, email addresses, phone numbers, birthdates, encrypted passwords, and security questions and answers for hundreds of millions of user accounts.” – Securities and Exchange Commission

Despite knowledge of the behemoth breach, Yahoo senior managers and its legal department fail to properly investigate the breach. Furthermore, adding fuel to the fire, the executives decide not to disclose the breach to investors. More troublesome is that Yahoo’s nondisclosure of the material fact (the breach) does not occur until more than two years later, in 2016. Take note that during this time, Verizon Communications, Inc., is in the process of acquiring Yahoo’s operating business.