Yahoo Data Breach Case Settles For $35 Million

Altaba, Formerly Known As Yahoo!, has agreed to pay a $35 million fine to the SEC to settle charges that it misled investors by failing to disclose a huge data breach. Hackers stole personal data relating to hundreds of millions of users in December 2014, including email addresses, phone numbers, birthdates, encrypted passwords, and security questions and answers. The breach was not disclosed to the investing public until more than two years later. “Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors,” said Jina Choi, Director of the SEC’s San Francisco Regional Office. The SEC’s order finds that Yahoo did not share information regarding the breach with its auditors or outside counsel, and that Yahoo failed to maintain disclosure controls and procedures designed to ensure that reports from the information security team concerning cyber breaches, or the risk of such breaches, were properly and timely assessed for potential disclosure. Yahoo neither admitted nor denied the findings in the order.