The former Yahoo hit with $35M fine for 2014 data breach
WASHINGTON - The company formerly known as Yahoo is paying a $35 million fine to resolve federal regulators' charges that the online pioneer deceived investors by failing to disclose one of the biggest data breaches in internet history.
The Securities and Exchange Commission announced the action Tuesday against the company, which is now called Altaba after its email and other digital services were sold to Verizon Communications (VZ) for $4.48 billion last year. The Sunnyvale, California-based company, which is no longer publicly traded, neither admitted nor denied the allegations but did agree to refrain from further violations of securities laws.
Personal data was stolen from hundreds of millions of Yahoo users in the December 2014 breach attributed to Russian hackers. The SEC alleged that, although Yahoo senior managers and attorneys were told about the breach, the company failed to fully investigate it. The breach wasn't disclosed to the investing public until more than two years later, when Yahoo was working on closing Verizon's acquisition of its operating business in 2016, the SEC said.
"Yahoo's failure to have controls and procedures in place to assess its cyber disclosure obligations ended up leaving its investors totally in the dark about a massive data breach," Jina Choi, director of the SEC's San Francisco regional office, said in a statement.