A news item in the Wall Street Journal has suggested that The Securities and Exchange Commission (SEC) in the United States are to investigate Yahoo Inc.’s (Yahoo
) widely reported data hacks. In particular, the SEC is considering whether the company’s reporting of the hacks was adequate.
This is the first action of its nature conducted by the SEC and the investigation is likely to represent a test case of its guidance on data breaches issued in 2011. The results of the action could have considerable bearing how companies are supposed to respond to data hacks in the future.
In 2014 a breach of data relating to 500 million yahoo accounts was reported, but investigations into that breach revealed another breach that occurred in 2013. The earlier breach reportedly impacted 1 billion Yahoo accounts. Yahoo didn’t report the 2014 breach to the public (and therefore to its investors) until two years after the fact.
In December of last year the SEC made a formal request for documentation relating to the hack in a bid to determine the extent to which whether Yahoo complied with U.S. Civil Securities laws that require immediate disclosure once a hack is determined to have impacted investors. Given Yahoo suggested the 2014 hack was “state sponsored” taking two years to reveal the details might appear excessive. No explanation has been given for the delay to date. Were you impacted by Yahoo breaches? Let us know the details. Add your comments below.