Revealing two massive breaches affecting over a million users last year hasn’t (and shouldn’t) gone well for Yahoo. The search giant has been facing scrutiny from the community and its troubles are only expediting. Now, the U.S Securities and Exchange Commission is investigating the two breaches with regards to the timeline of their disclosure.
The WSJ reports that the SEC has requested Yahoo for documents pertaining to the attacks back in December. The authorities are willing to know whether Yahoo should have reported the breaches to investors earlier than it did. This investigation is currently in early stages but will massively help define a rough timeline for the disclosure of such hacks to investors.
In the documents requested, the authorities want to look whether Yahoo disclosed the details of the breaches properly. Sources, on the other hand, of the opinion that the said reveal also complied with civil securities laws. The SEC already has laws in place with regards to such cyber attacks. It mentions that a technology giant is expected to disclose the risks of the attack as soon as they’re determined. The investors should immediately be made aware of the effects of the same on them.
The hubbub surrounding Yahoo started off when it surprisingly lifted off the covers from a massive breach in its e-mail servers. This report made it to the interwebs just a couple months after the announcement of its $4.8 billion acquisition by telecom giant Verizon. The search giant had then mentioned that a state-sponsored hacker harvested data of over 500 million users. But, there have also been speculations of the same being conducted by cyber-criminals (which is most likely).
The reveal of this massive breach led the merger deal with Verizon to become a rocky terrain. The telecom giant started questioning the material effects of the same and allegedly wanted a $1 billion rebate. Though these are just speculations. And everything seemed to tread fine until the reveal of another massive e-mail server breach, which happened back in 2014. It was a separate (but most likely connected) event and led to the breach of a billion user’s account information.
And the allegations against the already suffering internet giant didn’t stop there. Yahoo, in one of its investor filings, also disclosed that their internal teams were aware of some breach in the systems back in 2014. But they were not completely aware of the situation and neglected it. The SEC is reportedly looking for material evidence with regards to the same. If the security team at the search giant had a hint of the attack then could the reveal had been made earlier — this is the biggest question. And it is still unanswered.