There is an old Chinese story with a moral. Since the purpose of the story is to get the reader to understand the moral, I will get straight to the point. The person bearing the mantle of leadership is the one who should take responsibility as well. Marissa Mayer isn’t exactly taking the blame for Yahoo’s massive breaches — somebody else is taking the fall for that — but she has decided to let go of her annual bonus and her annual equity grant this year.
Instead, she has ask that it be redistributed across Yahoo employees. The decision which also involved Yahoo’s board, is being seen as a result of the 2014 security breaches that saw Yahoo get into a lot of trouble and end with Verizon knocking $350 million off the initial price it had agreed to acquire Yahoo for.
Speaking on the topic in a Tumblt post, Mayer said:
I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016.
Meanwhile, someone else is being punished more directly. Yahoo general counsel Ron Bell is taking the fall for the massive 2013 and 2014 security breaches that saw hundreds of millions of Yahoo accounts get hacked. Bell, who was a Yahoo veteran and had been with the company since as early as 1999, has already resigned the company and will not be receiving his severance pay.
All these decisions come in wake of the conclusion of an independent investigation the company’s board had been conducting into the matter. Apparently, Yahoo’s security team had discovered the hack as early as 2014 and reported it to the relevant legal staff. However, the team decided not to investigate the matter thinking that the hack was limited in nature and affected merely 26 accounts. Turns out they were wrong,
The investigating team said that Counsel Bell’s team had sufficient information to demand further investigation into the matter. Obviously, that did not happen.
As a result, the 2014 Security Incident was not properly investigated and analyzed at the time, and the Company was not adequately advised with respect to the legal and business risks associated with the 2014 Security Incident. The Independent Committee found that failures in communication, management, inquiry and internal reporting contributed to the lack of proper comprehension and handling of the 2014 Security Incident.
Mayer meanwhile, has always been saying that she learned of the hack as late as 2016. Well, I don’t know, but something appears to be very wrong here. 500 million account details stolen in 2014 and another billion in 2013 and the company’s chief executive has no idea what it happening.
Yahoo disclosed the truth of the breaches to the public as late as last year with a disclosure of 2015 hack in September followed by another, regarding the 2013 breach, following in December.
Meanwhile, the company has lost well over $360 million in cleaning up the mess caused due to this gross negligence. While Vrizon cut down the size of the check it was about to hand to Yahoo following its acquisition by $350 million, the company had to spend an extra $16 million in damage control. The figures could rise considering that the company currently finds itself facing as many as 43 class action lawsuits.