The Securities and Exchange Commission (SEC) has initiated an investigation into the two massive data breaches that hounded technology firm Yahoo in 2013 and 2014.
According to a
Wall Street Journal report, the regulator will determine whether the reporting delays surrounding the cyber-attacks violated securities laws. SEC rules require companies under its jurisdiction to disclose cyber security issues as soon as it is determined that they will affect investors.
SEC issued requests for documents in December, the report explained.
Citing anonymous sources “familiar with the matter,” the
Wall Street Journal said that the probe will likely focus on a 2014 attack that exposed the data of around 500 million Yahoo users. The breach was disclosed in 2016. The firm has yet to explain the delay in the reporting of the incident.
The company also only reported in December that it had recently learned of another breach that took place in 2013, compromising the private information of more than one billion Yahoo users.
According to its sources, the media outlet said that the investigation “is in its early stages, and it is too early to say whether it will result in any public action.”
The report further said that Yahoo, in a quarterly filing, stated it was “cooperating with federal, state and foreign” agencies that are gathering information on the 2014 incident.
Related stories:
Yahoo’s mega hack could create Verizon deal issues
Yahoo secretly scanned customer emails for U.S. intelligence services – report
.jpg)
