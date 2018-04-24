SEC Issues $35 Million Fine Over Yahoo Failing To Disclose Data Breach (theverge.com) 10
Altaba, the company formerly known as Yahoo, will have to pay a $35 million fine for failing to disclose a 2014 data breach in which hackers stole info on over 500 million accounts. "The U.S. Securities and Exchange Commission announced today that Altaba, which contains Yahoo's remains, agreed to pay the fine to settle charges that it misled investors by not informing them of the hack until September 2016, despite known of it as early as December 2014," reports The Verge. From the report: The SEC goes on to admonish Yahoo for its failure to disclose the breach to investors, saying that the agency wouldn't "second-guess good faith exercises of judgment" but that Yahoo's decisions were "so lacking" that a fine was necessary. Yahoo isn't being fined for having poor security practices, not informing users, or really anything related to the hack happening. The SEC is just mad that investors weren't told about it, because -- as Yahoo even noted in filings to investors -- data breaches can have financial impacts and legal implications. With a breach this large, the SEC believes that was obviously a real risk. "Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors," Jina Choi, director of the SEC's San Francisco Regional Office, said in a statement. The SEC released guidance to public companies on what to disclose about data breaches earlier this year, which could help to avoid similar situations in the future.
End of Yahoo? (Score:3)
Does Yahoo have 35 million laying around? I Yahoo even worth this much to verizon?
Verizon paid $4.48 billion for them so you would think that wouldn't be a problem.
7c a user... (Score:2)
Privacy is cheap according to the SEC.
Privacy is cheap according to the SEC.
It is not the SEC's job to protect your privacy. This fine was about protecting the rights of investors, not users, and there were a lot less than 500 million Yahoo investors.
It's not clear to me how this protects investors. The company pays the SEC, the company value goes down. The stock price goes down.
It's bullshit. The penalty should be levied against the C-level executives who hid the breach, not the company.
