SEC hands down $35 million fine in Yahoo hack

Yahoo may have changed its name, but it's still paying for a massive 2014 data breach.Altaba, what's left of Y...

Posted: Apr 25, 2018 5:08 AM
Updated: Apr 25, 2018 5:08 AM

Yahoo may have changed its name, but it's still paying for a massive 2014 data breach.

Altaba, what's left of Yahoo after the company sold most of its properties, has agreed to pay $35 million to settle charges that it misled investors about the hack, the US Securities and Exchange Commission said Tuesday.

n 2017, Yahoo completed the sale off its core business to Verizon for $4.48 billion. It retained large stakes in e-commerce company Alibaba and Yahoo Japan and changed its name to Altaba.

Yahoo knew that Russian hackers had obtained personal information from about 500 million of its users just days after the breach, according to the SEC. But it didn't tell its investors and the public until two years later.

The information included birth dates, phone numbers and encrypted passwords.

Altaba told CNN it had no comment on the SEC's announcement. The SEC statement says Altaba did not admit to or deny the findings.

In November 2017, a 22-year-old Canadian man named Karim Baratov pleaded guilty to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft. He will be sentenced this week. Earlier in 2017, the Justice Department also indicted two Russian spies and two cybercriminals for the breach.

The breach was separate from a 2013 hack that compromised every single Yahoo account - all 3 billion of them, including email, Tumblr, Yahoo Fantasy and Flickr. The number was more than three times the amount Yahoo originally reported.

Related: Yahoo tops the list of largest ever data breaches

Other punishments for the 2014 breach could still be in the works from other agencies like the Federal Trade Commission. Shareholders have filed lawsuits against the company, including some class-action suits.

A 2016 SEC filing said the company was cooperating with US and foreign government agencies investigating the incident.

"Yahoo's failure to have controls and procedures in place to assess its cyber-disclosure obligations ended up leaving its investors totally in the dark about a massive data breach," said SEC San Francisco director Jina Choi in a statement.-"Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors."

Article Comments

Mason City
Overcast
24° wxIcon
Hi: 25° Lo: 10°
Feels Like: 17°
Albert Lea
Overcast
21° wxIcon
Hi: 22° Lo: 8°
Feels Like: 15°
Austin
Overcast
25° wxIcon
Hi: 25° Lo: 12°
Feels Like: 19°
Charles City
Broken Clouds
25° wxIcon
Hi: 26° Lo: 12°
Feels Like: 19°
Rochester
Overcast
22° wxIcon
Hi: 22° Lo: 10°
Feels Like: 12°
More snow Friday with a chance for freezing rain
KIMT Radar
KIMT Eye in the sky

Latest Video

Image

Ribbon cutting at Mason City multipurpose arena

Image

Sara's Daybreak Forecast - Friday

${item.thumbnail.title}

StormTeam 3: Friday's Snow

Image

Hergert off to the big leagues

Image

How to avoid a pileup

Image

The cost of living

Image

Liquor sales are up..again!

Image

House fire in Austin

Image

Kmart parking lot moves forward

Image

Sean Weather 12/12

Community Events