SEC Preparing Probe into Yahoo Over Hacks

Yahoo_Sunnyvale_daytime.jpegThe Securities and Exchange Commission (SEC) is reportedly beginning an investigation into why it took Yahoo so long to disclose that it had suffered from two large scale data breaches.

According to The Wall Street Journal, which cited people familiar with the matter, the investigation could prove a major landmark in how hacks and other data breaches are reported by major companies.

Yahoo has already faced questions over when exactly it became aware of the 2014 cyber attack that exposed the email credentials of around 500m accounts. The breach was not reported to the public until September 2016.

Then, in December 2016, the company announced it had uncovered another massive hack that had compromised data from over 1bn user accounts, this time dating back to August 2013.

The SEC reportedly issued a number of requests for documents relating to the breaches back in December, to investigate whether or not Yahoo had complied with civil securities laws in disclosing the cyber attacks.

Yahoo stated in a November 2016 quarterly filing that it was “cooperating with federal, state and foreign” agencies, including the SEC, the Federal Trade Commission and the US Attorneys office, that were seeking information regarding the “security incident” and related matters.

A Reuters investigation in 2012 found that, despite the SEC having long-standing guidance on when publicly traded companies should disclose hacking and data breaches, many companies have been known to omit these details in regulatory filings.

Its not known whether the investigation could have any impact on the ongoing process of Yahoos sale of its core internet business to US mobile operator Verizon. The deal was initially announced in July 2016, before both data breaches had come to light, and Verizon reportedly sought a considerable discount on its initially agreed price following news of the cyber attacks breaking.