Slashdot Mirror


SEC Issues $35 Million Fine Over Yahoo Failing To Disclose Data Breach (theverge.com)

Altaba, the company formerly known as Yahoo, will have to pay a $35 million fine for failing to disclose a 2014 data breach in which hackers stole info on over 500 million accounts. "The U.S. Securities and Exchange Commission announced today that Altaba, which contains Yahoo's remains, agreed to pay the fine to settle charges that it misled investors by not informing them of the hack until September 2016, despite knowing of it as early as December 2014," reports The Verge. From the report: The SEC goes on to admonish Yahoo for its failure to disclose the breach to investors, saying that the agency wouldn't "second-guess good faith exercises of judgment" but that Yahoo's decisions were "so lacking" that a fine was necessary. Yahoo isn't being fined for having poor security practices, not informing users, or really anything related to the hack happening. The SEC is just mad that investors weren't told about it, because -- as Yahoo even noted in filings to investors -- data breaches can have financial impacts and legal implications. With a breach this large, the SEC believes that was obviously a real risk. "Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors," Jina Choi, director of the SEC's San Francisco Regional Office, said in a statement. The SEC released guidance to public companies on what to disclose about data breaches earlier this year, which could help to avoid similar situations in the future.

35 comments

  1. End of Yahoo? by jwhyche · · Score: 2

    Does Yahoo have 35 million lying around? Is Yahoo even worth this much to Verizon?

    --
    I read at +2. If your post doesn't reach that level I will not see or respond to it.
    1. Re:End of Yahoo? by greenwow · · Score: 2

      Verizon paid $4.48 billion for them so you would think that wouldn't be a problem.

    2. Re:End of Yahoo? by Anonymous Coward · · Score: 0

      In the agreement Yahoo is still responsible for shareholder and SEC lawsuits so maybe they don't have the free cash to pay. I bought into their IPO assuming I remember correctly that was twenty-two years ago last week. They might not have the cash to pay.

    3. Re:End of Yahoo? by Anonymous Coward · · Score: 0

      The fine is against Altaba, which is a separate holding company. Nothing to do with Verizon now.

    4. Re:End of Yahoo? by Anonymous Coward · · Score: 0

      Excuse me but Yahoo! has an exclamation mark in it's name.

    5. Re:End of Yahoo? by arglebargle_xiv · · Score: 1

      Yahoo, will have to pay a $35 million fine for failing to disclose a 2014 data breach

      "Smithers, take it from petty cash, and we're done". The GDPR may be a bit overreaching in places, but one thing they have got right is the fines, that's something companies can't ignore any more. For the first time, shareholder value will now be tied to looking after people's private details.

    6. Re:End of Yahoo? by Anonymous Coward · · Score: 0

      Excuse me but "it's" is the abbreviation for "it is", genius.

  2. 7c a user... by dyfet · · Score: 2

    Privacy is cheap according to the SEC.

    1. Re:7c a user... by ShanghaiBill · · Score: 1

      Privacy is cheap according to the SEC.

      It is not the SEC's job to protect your privacy. This fine was about protecting the rights of investors, not users, and there were a lot less than 500 million Yahoo investors.

    2. Re:7c a user... by whoever57 · · Score: 2

      It's not clear to me how this protects investors. The company pays the SEC, the company value goes down. The stock price goes down.

      It's bullshit. The penalty should be levied against the C-level executives who hid the breach, not the company.

      --
      The real "Libtards" are the Libertarians!
    3. Re:7c a user... by PastTense · · Score: 2

      It works by deterring future offenders, not by helping current investors.

    4. Re:7c a user... by Anonymous Coward · · Score: 0

      Stock holders hired the CEO, who hired the executives, who would go to prison if what they did was illegal.

    5. Re:7c a user... by sexconker · · Score: 1

      In what way is anyone deterred from doing it in the future?
      Are any of the people involved imprisoned? Are we taking their money/property away?

    6. Re:7c a user... by Anonymous Coward · · Score: 0

      Um, taking $35million away? From the company, so... hurting the current investors who were ostensibly already hurt by the non-disclosure.

      It's up to the company if they will fire someone over this. It would be wrong for the government to lock someone up over this.

    7. Re:7c a user... by ShanghaiBill · · Score: 1

      Are we taking their money/property away?

      It is very likely that, as we type, some law firm is preparing a shareholder lawsuit against the executives that made the decision, to recoup some or all of the $35M.

    8. Re:7c a user... by whoever57 · · Score: 1

      Shareholder lawsuits typically target the company, not the execs.

      --
      The real "Libtards" are the Libertarians!
    9. Re:7c a user... by Anonymous Coward · · Score: 0

      They should fine Jerry Wang and company for rejecting Microsoft's 32 billion offer at the time.

      That kind of negligence is way more damaging to an investor than leaking this invaluable piss-data

  3. Which specific executives by olsmeister · · Score: 2

    will be paying the fine? Yeah, didn't think so.

  4. Happy birthday to the SEC by Anonymous Coward · · Score: 0

    That's great and all, but how does that help the people who've actually been impacted? Is the SEC setting up a fund or something to help those who've actually lost something (including investors which is supposed to be why they're there)? Exactly how does the government agency there by the people and for the people actually benefit the people? I think we ought to start asking this of all government agencies. I have to justify my existence and prove my worth year after year. How is it we shouldn't expect the same from our representatives?

  5. They got a great deal by Anonymous Coward · · Score: 0

    $0.07 per stolen account. How are companies supposed to learn from their actions if they only receive a slap on the wrist?

    1. Re:They got a great deal by rmdingler · · Score: 1

      $0.07 per stolen account. How are companies supposed to learn from their actions if they only receive a slap on the wrist?

      Perhaps corporations are indeed learning from their actions. Repeated infractions have been met with punishments on the order of 50 lashes with a wet noodle... not exactly a deterrent to objectionable corporate decision-making.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

  6. Chump change. by Anonymous Coward · · Score: 0

    35 million to those assholes is NOTHING. And the stockholders pay anyway.
    Yeah, that's public companies for yah. Management does what they want, the peasants who own the stock (All those 401k'ers and IRA'ers) pay the bills.

    Suck it peasants!!

    Send the fucking management to jail like civilized countries do!

  7. Yahoo! needs better lawyers by Stomper_Stoddard · · Score: 1

    Maybe they should have hired the Equifax lawyers.

  8. Not very punitive by Only+Time+Will+Tell · · Score: 1

    I would have hoped that not securing your data and allowing customer data to get into the hands of who knows who would be worth at least $1 per account affected. No need to invest in proper IT security if you have the cash on hand.

    1. Re:Not very punitive by Anonymous Coward · · Score: 0

      The SEC doesn't deal with securing data, they deal with defrauding your investors. Some other agency will have to deal with the breach itself. Yahoo isn't off the hook for it either, not because of the SEC fine.

  9. Who gets the $ ? by rojash · · Score: 1

    Do the cheated public ever get to see any of these so-called 'fines' at all or does it all go to Uncle Sam who just encourages more of such pathetic capitalistic companies that don't care about privacy ?? Europe rocks for privacy.

    1. Re: Who gets the $ ? by Anonymous Coward · · Score: 1

      Once upon a time when the federal government was not yet a giant squid and deficit spending with no plan to ever go cash positive was not a feature of the federal budget; yes the public benefited in the sense that government had more money to spend on services without additional tax revenue. Ill-gotten gains could be recorded from bad actors and society could be reimbursed for some of their harms.

      In the modern era there is no relationship (only a slight exaggeration) between the treasury, taxes, or other revenues. So basically SEC fines levied against public companies because they "harmed investors" just harm investors more and don't really help anyone else. Additionally I am not sure they really deter future behavior as the CXX levels of the majors have big diverse portfolios and if their own company's stock drops they can hold on to it until it recovers while they live on dividends from other properties.

      Really we need a system more like traffic tickets that is quasi criminal code, works like civil legally but targets individuals for infractions more like criminal charges. Mayer should be personally fined for "misleading investors while serving as an officer of a public company" or something.

      The trouble here is when you separate out the company you lose a cause for scale. You can't really treat Mayer differently for misleading people about the value of a large cap firm as you do to someone at some small cap. You don't want to fine the little guy 100 million but if you only fine Mayer a few grand she again won't really care and you have no deterrent.

    2. Re: Who gets the $ ? by epine · · Score: 1

      Mayer should be personally fined for "misleading investors while serving as an officer of a public company" or something.

      I don't see the difficulty here.

      Executive bonuses should be recalculated retroactively with these kinds of fines allocated to the point of cause rather than the point of outcome, and then clawbacks all around.

      At the scale of Volkswagen, this would have wiped every executive bonus off the map, with effects spread over a multiple year period.

      Yahoo was failing for a long time and I suspect bonus payments were not large as these things go, so it might not have especially sharp teeth in this case, but I still think it would go a long way toward offsetting this kind of executive behaviour, because it would encourage a culture of the executive team whispering very pointed questions to each other in dark, unmonitored corridors about the probable magnitude of the future downside.

  10. Yahoo Updated ToS ... by Anonymous Coward · · Score: 0

    Before this fine, Yahoo sent out updated ToS agreement about arbitration, etc. Coincidence?

  11. Former CEO by Anonymous Coward · · Score: 0

    The former CEO is going to be paying this fine out of their personal assets I assume? Nah, accountability is nothing these days. Punish the stockholders who had nothing to do with it.

  12. What about the rest? by SeaFox · · Score: 1

    Weren't there multiple breaches? This fine is specifically for the 2014 one.

  13. Annoyance Fee by mpechner · · Score: 1

    3B in revenue. 35M fine. Like a pimple that needs to be popped.

  14. Re:End of Oath/Altaba? by Anonymous Coward · · Score: 0

    Oath, Altaba. These are very good names.

    I will name my first born Altaba.

    Or my goldfish.

  15. Only $35 million!? by NichardRixon · · Score: 1

    Truly shocking! Have they not considered the impact this could have on investment bankers' bonuses--in this year alone?

  16. No surprise by nospam007 · · Score: 1

    Their Oracle told them years ago.

    (Yet Another Hierarchical Officious Oracle!)