The US Financial Observatory SEC imposed a fine on Yahoo! costing 35 million dollars, because he did not report to anyone one of the biggest security breaches in the world.
Yahoo! allegedly knew that its entire user database (billions of usernames, email addresses, phone numbers, dates of birth, passwords) had been tapped access and security questions, from Russian hackers in December 2014.
Security staff advised Yahoo! (the administration and the legal department of the company), who decided not to report it to anyone.
Two years later, when Verizon announced it wanted to buy Yahoo!, the company revealed the massive infringement.
“Yaho! failed to properly investigate the circumstances of the breach and to adequately examine whether the breach should have been disclosed to its investors, ”said Steven Peikin, director of the authorities investigating the case, on Tuesday.
The SEC, through Jina Choi, also reported that: “The failure of Yahoo! to review procedures to assess cyber disclosure obligations ended up leaving its investors completely in the dark A public business it should have controls and procedures in place to properly assess cyber incidents and disclose them to its investors in a timely manner.”
The SEC also found that Yahoo! did not share all information about the breach with its auditors or outside counselconditions.
Yahoo! neither admitted nor denied anything during the investigation by the SEC
And something important:
Earlier this month, Yahoo! has renewed the Mail service. Is anybody interested;