Over the last few years, Yahoo has suffered two major hacks affecting millions of its users. However, in both cases, the company kept quiet on the security breaches, all the while compromising the security of its users. Now, it looks like Yahoo may be held accountable for that as the Securities and Exchange Commission is taking issue with the total lack of disclosure.
The SEC originally opened up its investigation into Yahoo back in December, according to The WallStreet Journal. According to people involved with the matter, the commission is looking over documents to determine whether or not Yahoo’s late disclosures were in compliance with civil security laws.
The first major attack on Yahoo took place in August 2013, but the company did not let its customers know until 2016. A similar situation occurred in 2014, where a hack allowed the user details of 500 million accounts to fall into the hands of criminals. Yahoo did not tell its users about this hack until 2016, though the company did admit that some of its employees were aware of the breach well beforehand.
The Securities and Exchange Commission has never brought a case against a company for not disclosing a cyber attack within a reasonable time frame, so this is new territory as far as the law is concerned. Still, news of this investigation has caused Yahoo’s share price to dip once again as more investors jump ship.
KitGuru Says: A company getting hacked is one thing, it happens and for the most part, people are willing to forgive. However, getting hacked and then not letting users know for years is quite a different matter and heavily compromises security. It seems that Yahoo has been completely careless in both of these cases and it deserves some greater consequences for it. Whether or not that comes to fruition remains to be seen though.