Yahoo Fined $35 Million By SEC Over 2014 Breach

April 25, 2018, Written By John H. Oldshue
Yahoo Fined $35 Million By SEC Over 2014 Breach

The Securities and Exchange Commission (SEC) has fined Yahoo, now named Altaba, $35 million for misleading investors.

According to the SEC, Yahoo’s security team learned of an intrusion by Russian spies within days of the December 2014 breach. The cybercriminals were able to obtain usernames, email addresses, phone numbers, birthdates, encrypted passwords, and security questions for hundreds of millions of users.

In its order, the SEC says Yahoo failed to “properly investigate” the incident or notify investors. The breach was not disclosed until 2016 when Yahoo was closing a deal with Verizon.

Jina Choi, Director of the SEC’s San Francisco Regional Office, said, “Yahoo’s failure to have controls and procedures in place to assess its cyber-disclosure obligations ended up leaving its investors totally in the dark about a massive data breach.  Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”

Yahoo sold much of its business operations to Verizon for a reduced rate of $4.8 billion and renamed their remaining business Altaba. Verizon will not be fined for the breaches, as they did not take control of the company until 2017.

The fine from the SEC is not the only financial repercussions that Altaba may face. Last month, a U.S. district judge ruled victims of Yahoo’s three massive data breaches were free to sue for punitive damages. It is believed all three billion Yahoo users were affected by these breaches.

Perhaps in light of this lawsuit, Yahoo users were recently sent an email asking them to review and agree to a new Terms of Service and Privacy Policy. One of the updates to the Terms of Service includes an arbitration clause. The email reads, “Hopefully, disputes will never be an issue, but in the case of one, this allows a third-party arbitrator to help us resolve them. We’ve also added a class action waiver.”

If Yahoo users want to continue to use their Yahoo account, they will need to accept and agree to the new policies.

The information contained within this article was accurate as of April 25, 2018. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.

About John H. Oldshue

John Oldshue is the creator of He worked for over 15 years in television and won an Emmy award for his reporting. He covers credit card rate issues for
View all posts by John H. Oldshue