Yahoo announced on October 3 that it will notify 2 billion additional user accounts that they were affected by a data theft that occurred in August 2013. The breach impacted not 1 billion accounts as originally disclosed in December 2016, but 3 billion.
The web services provider is now a part of Oath, a fully owned subsidiary of Verizon Communications’ Media and Telematics division. AOL and HuffPost are two other Oath-owned properties. Oath revealed that – through intelligence reports, an investigation, and third-party forensic experts – it learned that every Yahoo user account was compromised by hackers.
Oath issued a statement with additional details about the hack: “The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement.”
Yahoo is already subject to at least 41 US consumer class-action lawsuits in US federal and state courts. San Jose, California Judge Lucy Koh ruled in August that Yahoo must face nationwide litigation brought on by account owners who say their personal information was compromised by the data theft. As Yahoo’s owner, Verizon will most likely be the main courtroom target.
The revelation now raises questions about how Verizon will work in the future to protect consumer data.
In 2016, Yahoo disclosed information about two separate cyber breaches. The first, announced September 2016, occurred late 2014 with 500 million Yahoo user accounts compromised; the second occurred earlier 2013, but was of a larger scale, with the originally announced – and now amended – 1 billion accounts.
Verizon claims it will continue to collaborate with law enforcement and take additional steps to enhance security by leveraging Verizon’s considerable resources: In 2016, Verizon generated nearly $126 billion in revenues, and Oath manages 50 media brands engaging 1 billion people globally.
Yahoo and Verizon provide good examples of why it is important to protect your organization’s private data against cyber crime in order to prevent financial and reputational damage.
To receive up-to-date news and information on cybersecurity, sign-up for IT Governance’s Daily Sentinel.