Yahoo fined $35 million for failing to disclose data breach

Altaba, formerly known as Yahoo! Inc., has agreed to pay a $35 million fine for failing to disclose one of the world’s largest data breaches.

The breach, which occurred in December 2014, involved Russian criminal hackers stealing usernames, email addresses, phone numbers, birthdates, encrypted passwords, and security questions and answers. Hundreds of millions of users were affected. Yahoo’s information security team was informed of the breach within days of the intrusion, yet the company did not disclose it until 2016, when it was in the process of closing the acquisition of its operations by Verizon Communications Inc.

According to the Securities and Exchange Commission (SEC), Yahoo failed to disclose the breach to its auditors or outside counsel. The SEC also found that Yahoo did not maintain disclosure controls and procedures designed to ensure that reports from the information security team concerning breaches were assessed properly and in a timely manner for potential disclosure.

According to the SEC, “Yahoo neither admitted nor denied the findings in the SEC’s order.”

Data protection is vital to your organization

On May 25, 2018, the General Data Protection Regulation (GDPR) will take effect in the EU. The GDPR applies to any organization processing and storing EU residents’ personal data, irrespective of location or where the data is processed. US companies with any connection to Europe – whether through subsidiaries, customers, or suppliers – stand to be affected. Organizations that fail to comply with the GDPR face fines of up to €20 million (about $24 million), or 4% of annual global turnover – whichever is greater.

Reputational damage can be even more costly than financial penalties and can be harder to resolve. Act now to protect your organization.
