Yahoo reportedly under investigation by SEC over data breaches

Yahoo's billboard in San Francisco


Yahoo is facing an investigation by the U.S. Securities and Exchange Commission relating to its failure to promptly disclose to investors information about the two massive data breaches the company revealed last year.

The Wall Street Journal reports that the SEC requested documents from Yahoo in December over whether the company, which is in the midsts of a $ 4.8 billion acquisition by Verizon, properly disclosed details about the cyberattacks and if it complied with civil securities laws.

The road to closing the acquisition has been anything but smooth for Yahoo. Just two months after the purchase was announced, Yahoo claimed that “state-sponsored” hackers stole data from 500 million users back in 2014. That certainly caught everyone off guard and there were rumblings that Verizon would either back out or seek a $ 1 billion discount on the deal.

And if that wasn’t enough, two months after that, Yahoo revealed another hack, this time as far back as August 2013, where more than 1 billion user accounts were compromised by an “unauthorized third party.” Nearly two months later, now we’re hearing about a probe by the U.S. government. This may lead some to wager whether this deal will actually go through or not.

While the investigation focuses on what wasn’t disclosed to investors, it also probably includes the soon-to-be parent company Verizon, who has said repeatedly after each incident that it will “evaluate the situation as Yahoo continues its investigation.”

The Wall Street Journal says that the investigation is still in its early stages so any penalties or legal action is still some time away. However, the probe by the SEC is noteworthy as WSJ indicates the federal agency “has never brought a case against a company for failing to disclose a cyberbreach, given the blurriness of when an issue might be ‘material’.” The publication further notes that it’s unusual because of the scope and timing — sure there have been numerous cyberattacks in the past year, including with Ashley Madison, Target, Dow Jones, and others, but none have come quickly and on this scale soon after an acquisition.

Yahoo referred us to language from its SEC filing where it said it’s cooperating with “federal, state, and foreign governmental officials and agencies seeking information and/or documents about the Security Incident and related matters, including the U.S. Federal Trade Commission, the U.S. Securities and Exchange Commission, a number of State Attorneys General, and the U.S. Attorney’s office for the Southern District of New York.”

But it is also interesting to note that the company reveals its latest financial earnings on Monday. However, it will not hold an earnings call citing its continued acquisition by Verizon.

Security – VentureBeat