The U.S. Securities and Exchange Commission (SEC) has levied an unprecedented $35 million dollar fine against Altaba—the holding company that owns pieces of what was once Yahoo—for Yahoo's epic mishandling of a massive data breach that dates back to 2014.
All three billion Yahoo user accounts, including names and email addresses, were compromised in the data breach. But Yahoo didn't notify the public until December 2016.
"Yahoo’s failure to have controls and procedures in place to assess its cyber-disclosure obligations ended up leaving its investors totally in the dark about a massive data breach," SEC San Francisco Regional Director Jina Choi said in a press release. "Public companies should have controls and procedures in place to properly evaluate cyber-incidents and disclose material information to investors."
For more information on Yahoo, listen to "Breach," the hit new podcast that dives deep into the biggest data breaches of all time. Hosted by award-winning cybersecurity journalist Bob Sullivan and veteran podcast producer Alia Tavakolian, Breach Season One explores how a series of missteps helped make Yahoo a target; why hackers targeted specific Yahoo user accounts; and why U.S. law enforcement believes Russian operatives are responsible. Here's a quick preview: