
SEC to investigate the Yahoo breach disclosures

The SEC has requested more information for potential cases concerning whether the Yahoo breach disclosures could have come sooner.

The Securities and Exchange Commission has opened an investigation into the recent Yahoo breach disclosures, and it may use it as a test case to push breach-disclosure requirements.

The Securities and Exchange Commission (SEC) reportedly issued a request in December for more information on the recent Yahoo breaches, according to sources for The Wall Street Journal. Yahoo disclosed a 2014 breach of 500 million user accounts in September 2016 and a 2013 breach of more than 1 billion user accounts in November. It is unclear if both Yahoo breaches will be investigated, but reports claim the SEC will focus on the 2014 incident.

Yahoo stated in a November SEC filing that it has complied with all information requests from law enforcement and federal agencies in these cases. Yahoo contended it did not learn about the 2014 breach until "an ongoing broader review of the company's network and data security" with outside investigators uncovered the issue in August 2016.

However, a source familiar with the matter did previously admit "somebody at the company knew something in 2014 relevant to a state-sponsored actor having accessed the system," but the extent of that knowledge was unclear.

The SEC has previously investigated other companies, including Sony, regarding whether public breach disclosures were made in a timely manner. But experts have been saying since the original Yahoo breach disclosure in September that the SEC was looking for a test case to properly define breach-disclosure requirements.

The SEC issued a guidance document concerning breach disclosures in 2011, but has never defined the strict requirements or timelines companies should follow when there is an incident. Given the size and scope of these Yahoo breaches, experts suspect the SEC may try to solidify those requirements.

Both Yahoo and the SEC declined to answer questions on the investigation.
