Ex-Yahoo paying $35M to settle SEC charges over 2014 hack

Ex-Yahoo paying $35M to settle SEC charges over 2014 hack
The Associated Press

WASHINGTON (AP) — The company formerly known as Yahoo is paying a $35 million fine to resolve federal regulators’ charges that the online pioneer deceived investors by failing to disclose one of the biggest data breaches in internet history.

The Securities and Exchange Commission announced the action Tuesday against the company, which is now called Altaba after its email and other digital services were sold to Verizon Communications for $4.48 billion last year. The Sunnyvale, California-based company, which is no longer publicly traded, neither admitted nor denied the allegations but did agree to refrain from further violations of securities laws.

Personal data was stolen from hundreds of millions of Yahoo users in the December 2014 breach attributed to Russian hackers. The SEC alleged that, although Yahoo senior managers and attorneys were told about the breach, the company failed to fully investigate. The breach wasn’t disclosed to the investing public until more than two years later, when Yahoo was working on closing Verizon’s acquisition of its operating business in 2016, the SEC said.

“Yahoo’s failure to have controls and procedures in place to assess its cyber disclosure obligations ended up leaving its investors totally in the dark about a massive data breach,” Jina Choi, director of the SEC’s San Francisco regional office, said in a statement.

Altaba spokesman Mike Pascale said the company declined to comment on the SEC settlement.

Sen. Mark Warner, D-Va., who urged the SEC in September 2016 to investigate whether Yahoo met its obligation to inform the public, said Tuesday that the company’s failure to do so “didn’t pass the smell test.”

“Holding the company accountable is important, and I hope others will learn you can’t sweep this kind of thing under the rug,” Warner, a member of the Senate Banking Committee, said in a tweet.

Yahoo eventually acknowledged that the 2014 hacking attack and a separate one in 2013 brought affected all 3 billion accounts on its service.

Yahoo ended up having to give Verizon a $350 million discount on their deal, reflecting concerns that people might reduce their use of Yahoo email and other digital services because of the breach, decreasing opportunities to show ads.

In scooping up Yahoo’s digital services, Verizon’s strategy was to meld the operations with its AOL division with an eye to becoming a bigger player in the growing market for digital ads.

Yahoo’s most valuable parts — investments in China’s e-commerce leader Alibaba, and in Yahoo Japan — were left in the new company called Altaba. Yahoo CEO Marissa Mayer, a former Google executive who led Yahoo for nearly five years, did not join Verizon and was out of a job.