Skip to main content

The SEC opens an investigation into Yahoo regarding its data breaches

how yahoo is mining for gold in your junk mail campus
Global PR
It’s been years since a couple of massive data breaches at Yahoo compromised information of more than 1 billion users and months since the company disclosed it, but the headaches are still far from over for the ailing tech giant. On Monday, the Wall Street Journal reported the Securities and Exchange Commission has opened an investigation examining whether the behemoth hacks should have been reported in a more timely fashion to investors. The ruling on the case may set an important precedent on whether or not it is necessary for companies to reveal security breaches.

The SEC first requested documents from the Sunnyvale, California-based company in December and will be determining whether Yahoo complied with civil securities laws in its disclosure tactics. Current SEC requirements necessitate that companies alert cybersecurity risks if they might affect investors.

Yahoo first revealed the 2014 data breach that affected at least 500 million users last September and waited until December to make public information about a hack that occurred in August 2013 that affected more than a billion users. This is not the first time the SEC has conducted such an investigation — following the Target hack in 2013 that left some 70 million credit and debit card accounts exposed, the regulatory body has been vigilant in ensuring that companies followed proper protocol in telling the public — or at least, their investors.

While the SEC has actually never brought a case against a company for not informing relevant parties about a cyberattack, this case could be unique in a number of ways. After all, Yahoo may soon be acquired by Verizon, a deal that was made all the shakier when news of the hack first came out in 2016. “Here you are talking not just about the potential for a data breach, but a deal blowing up because of a data breach,” John Reed Stark, a cybersecurity consultant who previously ran the SEC’s office of internet enforcement, told the Wall Street Journal.

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Time is running out to file a claim in Yahoo data breach settlement
how to file a claim yahoo data breach settlement deadline

If you were affected by the Yahoo data breach between 2012 and 2016, you only have until July 20 to file a claim. 

People affected by the breach could be eligible for free credit monitoring services and/or up to $100.The money is part of a $117.5 million class-action settlement. After deducting for services and expenses from lawyers, that leaves about $85 million to pay out claims. 

Read more
Marriott data breach: What to know and how to protect your data
Marriott Hotel

Marriott says customers' names, addresses, phone numbers, and other personal details were accessed in a large data breach -- the second to hit the hotel chain in less than two years.

In a statement Tuesday, Marriott announced that the information was accessed using the login credentials of two employees at a franchise property at the end of February. Among the stolen data could be:

Read more
Wawa data breach: Hacker is selling 30 million credit cards on the dark web
wallet with cash and cards

Credit card data from a security breach that affected an East Coast convenience store chain last year was discovered being sold in the corners of the dark web this week. The amount of data stolen makes it the third-largest credit card breach in history.

Wawa convenience stores announced the attempts to sell the data in a news release on January 28. According to the Gemini Advisory Board, a company that identifies cyberthreats, the credit card information was found on the website called Joker’s Stash marketplace and exposed customer data from 30 million cards. 

Read more