US senator seeks SEC probe of Yahoo disclosure on hacking


  • TECH
  • Tuesday, 27 Sep 2016

Under fire: Yahoo has faced questions about exactly when it knew about the 2014 cyberattack.

WASHINGTON: Democratic Senator Mark Warner asked the US Securities and Exchange Commission to investigate whether Yahoo and its senior executives fulfilled obligations to inform investors and the public about a hacking attack affecting 500 million user accounts.

"Disclosure is the foundation of federal securities laws, and public companies are required to disclose material events that shareholders should know about," Warner said in a letter to SEC chairwoman Mary Jo White.

Yahoo has faced pointed questions about exactly when it knew about the 2014 cyberattack announced last week that exposed the e-mail credentials of half a billion accounts, a critical issue for the company as it seeks to prevent the breach from affecting a pending takeover of its core business by Verizon Inc.

Warner also asked the SEC to probe whether Yahoo has "made complete and accurate representations" about the security of its information technology systems, and for the agency to evaluate its current thresholds for how and when companies need to report a material data breach.

Although the SEC has longstanding guidance on when publicly traded companies should report hacking incidents, companies that have experienced known breaches often omit those details in regulatory filings, according to a 2012 Reuters investigation.

In a Sept 9 regulatory filing with the SEC, Yahoo stated it did not have knowledge of "any incidents of, or third party claims alleging ... unauthorised access" of personal data of its customers that could have a material adverse effect on Verizon’s acquisition.

Establishing that Yahoo is liable for damages under SEC rules is a "pretty high bar" in data breach cases, said Robert Cattanach, a lawyer at Dorsey & Whitney who specialises in cyber security.

Yahoo is additionally protected from liability given the relative lack of sensitivity of the data compromised, Cattanach said, though he said both the SEC and Federal Trade Commission were likely to open investigations.

At least one state, Massachusetts, is also seeking more information from Yahoo about the breach, a spokesperson for the state's attorney general told Reuters on Monday.

Yahoo has so far not provided a clear, detailed timeline about when it was made aware of the breach announced Thursday.

Cybersecurity services firm Stroz Friedberg has been hired by Yahoo to help investigate the breach, firm spokeswoman Carolyn Vadino said.

The FBI is also investigating the hack, which Yahoo has blamed on a "state-sponsored actor" although the company has not provided technical information to support that claim. — Reuters

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
   

Did you find this article insightful?

Yes
No

Next In Tech News

Lab developing device to help Earth dodge asteroids
To avoid tech’s antitrust troubles, India tries a hard 30% cap
New WhatsApp update lets users customise wallpapers for different chats
Google Maps introduces community feed feature
US judge blocks Trump rules on tech visas
Covid-19 lockdowns drive spike in online child abuse
Trump vows defense bill veto unless Internet liability shield scrapped
This company will pay you to share your data – is it worth it?
Robot chef serves Chinese school dinners to lower Covid-19 risk
China drafts rules on mobile apps’ collection of personal data

Stories You'll Enjoy