EU GDPR: Yahoo! Sued Over Data Breach of 500 Million Users
07 October 2016: Yahoo!, the company that recently became victim to the largest publicly disclosed cyber-attack in history, is facing a class action lawsuit for its mishandling of personal data.
The leaked data included the names, emails and unencrypted security questions (and answers) of some 500 million Yahoo users. No payment card data or bank account information was breached.
The company has been criticised for lax security processes and for taking too long to detect and confirm the data breach, which is believed to have taken place in 2014. Yahoo believes that the information was stolen by a state-sponsored hacker, but has withheld details of the country that is supposedly responsible.
Now Yahoo faces two lawsuits, both filed in the U.S. District Court since the massive breach was announced last week.
Danny Maher, CTO from UK-based data security company HANDD Business Solutions, comments: “For Yahoo to lay the blame on state-sponsored entities for this data breach seems like nothing more than a PR stunt crafted to help the company avoid additional embarrassment and reputational damage. Nobody wants to admit that their data may have been stolen by a 16-year-old hacker from his garden shed. In fact, InfoArmour, a firm who sampled some of the stolen data with the Wall Street Journal, recently questioned Yahoo’s claims of a state sponsored attack by suggesting all the evidence points towards a known criminal gang”.
The data breach and accompanying lawsuits could spell big trouble for Yahoo, which recently confirmed it had reached an agreement to sell its core business to US telco Verizon Communications for $4.83bn.
Sources report the deal could be “put in jeopardy”, with Verizon issuing a statement saying: “We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities.”
Danny Maher continues: “I am unsure as to why Yahoo have delayed the announcement by two years; it’s not against the law but it is certainly unethical. Did they purposely withhold knowledge of the hack, or even more alarmingly did they only just find out about it? These are awkward questions for which Marissa Mayer and her team will be hard at work trying to answer.”
This story demonstrates why organisations need to implement tighter security measures and be vigilant about their data security policies.
HANDD Business Solutions is an independent specialist in data protection, providing solutions to 45% of FTSE 100 companies. The company provides a range of data security solutions, backed by in-house data security specialists who work to secure the entire journey of a company’s data.
They currently supply data security solutions to 8 of the 10 largest banks in the world, 2 of the world’s top 5 investment service organisations, and 45% of the FTSE 100.
For Media Contact:
Person: Danny Maher
Company: HANDD Business Solutions Ltd
Address: 26 Horseshoe Park,
Pangbourne, Berkshire, RG8 7JW UK