Yahoo (YHOO) has been slapped with a $35 million fine by the US regulators for keeping the largest data breach of 2014 a secret from its investors until 2016 when the news became public.
According to the Securities and Exchange Commission (SEC), the company took time to disclose the breach in which, many Yahoo accounts were hacked by some Russian agents. Using forged cookies, the hackers accessed the user accounts without passwords and stole personal data. Though the company discovered the incident just days after the breach, the company informed the public about the breach only years later.
The SEC criticized Yahoo, which was run by Marissa Mayer, for keeping such a large breach a secret from the users as well as investors and charged the company a fine of $35 million.
Yahoo had sold its operating business to Verizon Communications (VZ) last year. The remainder of the internet giant, which holds shares in Alibaba (BABA) and Yahoo Japan, was renamed Altaba (AABA). Altaba has now agreed to pay the penalty to settle the charges.
Yahoo, in fact, suffered two massive data breaches. The first one occurred in 2013 and involved billions of user accounts, while the second one happened a year later. Both the incidents were reported only in 2016.
The breach came to light when Yahoo was in the process of being acquired by the telecommunication conglomerate Verizon. Yahoo’s failure to address the breach as well as the lapse in cybersecurity made Verizon lower its acquisition price by $350 million. The internet company was then purchased for $4.5 billion.