Yahoo Executives Botched Data Breach Investigation

Yahoo Executives Botched Data Breach Investigation

by Wendy Davis @wendyndavis, March 1, 2017

Yahoo acknowledged Wednesday that it failed to adequately investigate a 2014 data breach that affected up to 500,000 users.

Yahoo Executives Botched Data Breach Investigation

The company added in a stock filing that CEO Marissa Mayer won’t receive an expected cash bonus for 2016 or her 2017 annual equity grant. General counsel and secretary Ron Bell also resigned from the company on Wednesday.

The news comes six months after Yahoo disclosed that it suffered a massive data breach in late 2014, when hackers may have obtained names, email addresses, telephone numbers, birth dates, security questions and encrypted passwords associated with 500,000 accounts. Most of the passwords were encrypted, according to Yahoo. The company says it believes a “state-sponsored actor” is responsible for the attack.

Yahoo said in its 10-K that some executives were aware of the data breach when it occurred, and that the company 26 “specifically targeted users” and consulted with law enforcement. But Yahoo added that senior executives “did not properly comprehend or investigate” the incident.

“As of December 2014, the information security team understood that the attacker had exfiltrated copies of user database backup files containing the personal data of Yahoo users but it is unclear whether and to what extent such evidence of exfiltration was effectively communicated and understood outside the information security team,” the company said.

Yahoo added that an investigation by a committee of the company’s board — assisted by the law firm Sidley Austin and a forensic expert — didn’t find that anyone intentionally suppressed information. Instead, the committee attributed the delay in investigating to “failures in communication, management, inquiry and internal reporting.”‘

Yahoo also revealed last year that hackers may have stolen information associated with 1 billion accounts in 2013.

News of both the 2013 and 2014 data breaches resulted in Verizon revising its purchase price for Yahoo to $4.48 billion, marking a decrease of $350 million from the original agreement.

MediaPost.com: Search Marketing Daily

(35)