Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 5 MINUTES AGO.
You are here: Home / Data Security / SEC on Yahoo's Case for Breaches
SEC on Yahoo's Case for Data Breaches
SEC on Yahoo's Case for Data Breaches
By Jef Cozza / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JANUARY
23
2017
Getting hit with hacks that hacks that affected more than a billion users may have only been the beginning of Yahoo’s troubles. The company is now being investigated by the Securites and Exchange Commission (SEC) over how it responded to the attacks.

According to reports, the SEC is looking into whether the company should have disclosed more information about the attacks to their investors. At issue is the timeliness of Yahoo’s response to two separate hacks. The first, occurring in 2013, consisted of a data breach involving over a billion user accounts. The second took place in 2014 and involved around 500 million accounts.

SEC Requests Documents from Yahoo

The SEC requires companies to disclose information about such data breaches to their investors as soon as they determine that they could potentially have material impacts on the companies' stocks. In December, the agency issued a request for documentation to Yahoo on its reporting process, according to reports.

Although the first breach took place more than three years ago, the company did not begin disclosing the attacks until a few months ago. The SEC will likely be looking into whether Yahoo breached civil securities laws by failing to report the attacks sooner.

The agency originally issued guidance to all publicly held companies in 2011 informing them of the responsibility to report any data breach that could materially affect investors. If the SEC ultimately decides to pursue a case against Yahoo, it will be a major test case for the agency’s new regulations regarding such disclosures.

Threatening the Sale to Verizon

The SEC has already investigated other companies over similar circumstances. For example, the agency has looked into the 2013 data breach of Target Corp, which resulted in the release of information on as many as 70 million credit and debit card accounts. However, in that case, Target disclosed the attack only weeks after it had occurred, and the SEC ultimately decided not to pursue any actions against the company.

The case against Yahoo may prove to be a very different situation, given the considerable amount of time that elapsed between the breaches and their revelations by the company. In September, U.S. Senator Mark Warner, a Virginia Democrat, wrote an open letter to SEC Chairwoman Mary Jo White to look into the breached based on suggestions that Yahoo CEO Marissa Meyer may have known about the attacks as early as July.

The news of the SEC’s investigation is only the latest in a series of negative developments for the Internet company, which is in the middle of a merger with Verizon. The Internet service provider is reportedly trying to cut is agreed-upon price of $4.8 billion deal by $1 billion in the wake of the hacking disclosures.

If the SEC decides to pursue enforcement actions against Yahoo, Verizon might prove even more skittish about the deal, requesting an additional discount or threatening to walk away entirely.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY

NETWORK SECURITY SPOTLIGHT
A computer programmer who created malware used to hack the Democratic National Committee during the 2016 U.S. presidential race has become a cooperating witness in the FBI's investigation.

ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.