The Securities and Exchange Commission should scrutinize whether Yahoo! Inc. adequately disclosed the widespread data breach it suffered in 2014, Sen. Mark Warner (D-Va.) said Sept. 26.
“The public ought to know what senior executives at Yahoo knew of the breach, and when they knew it,” Warner said in a letter to SEC Chair Mary Jo White.
More than half a billion user accounts were affected by the 2014 breach, which was made public by the company Sept. 22. The breach contained user names, e-mail addresses, phone numbers, encrypted passwords and some unencrypted security questions and answers.
Yahoo learned in July of a potential breach186 Privacy Law Watch, 9/26/16, See previous story, 09/26/16, 21 ECLR 38, 9/28/16, 15 PVLR 1882, 9/26/16, but didn’t file a disclosure form telling the public about it, Warner noted.
“I encourage you to evaluate the adequacy of current SEC thresholds for disclosing events of this nature,” Warner, co-founder of the Senate Cybersecurity Caucus, wrote.
He also asked whether Yahoo timely notified Verizon Communications Inc., which is planning to acquire Yahoo’s core internet assets for $4.83 billion. The deal hasn’t been finalized.
Yahoo users have already filed class actions against the company related to the breach186 CARE, 9/26/16, See previous story, 09/26/16, 21 ECLR 38, 9/28/16, 2016 BAST 923, 9/23/16, 186 Privacy Law Watch, 9/26/16, 186 Antitrust & Trade Regulation Daily, 9/26/16.
The SEC declined to comment.
To contact the reporter on this story: Rob Tricchinelli in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Phyllis Diamond at email@example.com