As if two massive data breaches affecting more than one billion users isn’t enough, Yahoo is now under investigation from the SEC for not disclosing the hacks sooner, according to a Wall Street Journal report.
The internet giant revealed in September 2016 than a state-sponsored attacker harvested personal data belonging to “at least” 500 million users. Just three months later, it was back to confess that a separate incident store account information belonging to one billion users. Yahoo admitted that some employees were aware of the first incident as far back as 2014, yet it waited years before making a disclosure to investors — that is what the SEC is probing, according to the Journal.
The paper said the SEC requested documents from Yahoo in December in order to determine whether it could have reported the hacks sooner. Senator Mark Warner, a co-founder of Nextel and a former startup investor, called on the organization to look into the incidents back in September.
Yahoo is in the process of being acquired by Verizon [disclosure: Verizon owns AOL, AOL owns TechCrunch] and already these two hacks have threatened to derail that deal. Verizon originally agreed to pay $4.8 billion for the company, but it is reportedly seeking a $1 billion discount after details of the hackings came to light. An SEC investigation is sure to heap further pressure on. Already, the news has sent Yahoo’s share price down.
The SEC has investigated companies for the way they have disclosed hacks in the past, but it is yet to take action. It probed the major breach that impacted Target, which swiped credit card details of millions of customers, between 2013 and 2014 but ultimately didn’t find any misdoings.