“US stock watchdog investigates late report of data breaches by Yahoo”

The SEC is investigating why Yahoo failed to report two major data breaches to investors earlier. The internet company did not report a data breach from 2014 until two years later.

The SEC began its investigation in December and requested documents from Yahoo, several sources reported to The Wall Street Journal. Yahoo has still not disclosed why it has reported two data breaches so late, which affected a large number of users. The investigation would not have progressed far enough to say whether the SEC is making a case of it.

So far, the watchdog has not brought any cases against companies about data breaches, because these usually do not have a major impact on stock prices. In the case of Yahoo, however, the effect was noticeable, the newspaper writes. The internet company announced in December that hackers had stolen the data of about a billion accounts in 2013. Among them were passwords hashed with md5. In September, Yahoo had already warned of another hack, in which about half a billion account data had been stolen in 2014. Yahoo was already aware of this hack at the time, but did not know that it involved a large amount of data.

According to the sources of The Wall Street Journal, the SEC investigation focuses on the 2014 incident. Yahoo itself has also launched its own investigation into the incident. When the company announced the data breaches, it was in takeover talks with US provider Verizon. Despite the announcements, the deal appears to be going ahead for the time being. It was recently announced that the provider will take over the internet services and that the remaining company will continue under the name Altaba, without its current director Marissa Mayer.