In what initially looked like a quiet end to an internet pioneer, Yahoo announced on September 22nd that almost 500 million accounts were hacked back in 2014 by a “state-sponsored actor”. According to Yahoo, the hackers were able to obtain account names, email addresses, date of birth, passwords, and in some cases, both encrypted and unencrypted security questions and answers.
On July 25th, Verizon announced it would acquire Yahoo’s core business for $8.3 billion dollars. Since the public announcement of the breach, many have questioned if this may impact the sale of Yahoo’s core internet business to Verizon. The New York Post quotes a source close to the matter “I would expect a price renegotiation at a minimum,”. The article also go on to say that Yahoo could be held liable for $145 million dollars if the deal falls though and they are to blame.
No official word has come from Verizon or Yahoo on if or how this breach will impact the sale. Tim Armstrong, CEO of AOL, during an interview on CNBC avoided direct questions on subject. “In the end of the day, its the consumer, the consumer trust that we’re focused on” Armstrong said.
Verizon-owned AOL released a statement on September 22nd: “Within the last two days, we were notified of Yahoo’s security incident. We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact…”
In a letter sent Monday to SEC Chairwoman Mary Jo White, Senator Mark Warner asks for an official probe into Yahoo to ensure they “made complete and accurate representations about the security of its IT systems” and “… The public ought to know what senior executives at Yahoo knew of the breach, and when they knew it.”
Not only is this important for public confidence in companies, but federal law requires publicly traded companies to notify shareholders of information within four business days.