Altaba (former Yahoo) is fined 3.8 billion yen for having been hiding a past personal information leak accident for two years

Bytara hunt

Speaking of Yahoo in the United States, it was known as one of the world's largest Internet media companies. However, Yahoo announced the Internet business division in September 2016Verizon CommunicationsAgreed to sell to. In July 2017 when the sale was completed, Yahoo changed its company name to Altaba. Yahoo, however, was damaged by unauthorized access in 2014, causing a mass leakage accident of user information, but did not announce the fact until the sale agreed. The Securities and Exchange Commission of the United States considered that "Yahoo has concealed the existence of a security incident for two years", and imposed a huge fine against Altaba who was operating Yahoo at that time.

SEC Penalizes Yahoo $ 35 Million For Massive, Undisclosed Cyber ​​Theft | Dorsey & amp; Whitney LLP - JDSupra
https://www.jdsupra.com/legalnews/sec-penalizes-yahoo-35-million-for-20427

Yahoo hacked the user database by someone in the second half of 2014, and a situation occurred where personal information was accessed. Yahoo's security team declared in a subsequent survey that unauthorized access was due to Russian hackers.

And by December 2014, the security team confirmed that personal information of 180 million people leaked. The stolen personal information includes "e-mail address", "telephone number" "birth date" "(HashingPassword ""Password reminderSecret question and answer for "included.

The company's Chief Information Security Officer (CISO) reported to the management and internal legal department that a large leak of personal information occurred due to unauthorized access. However, management decided to hide the existence of security accidents by publishing this fact, concerned about the loss of revenue caused by litigation expenses, security measures expenses etc., loss of brand image etc, etc. .

In the summer of 2016, Yahoo began negotiations with Verizon Communications on the sale of its Internet business division. During the negotiations, Yahoo submitted to Verizon Communications a description of personal information leak accidents that occurred in the past, but we only took up four cases that are insignificant, and in 2014 The existence of a large-scale security incident that occurred was hidden.


Later, on July 23, 2016 Verizon Communications agreed to buy Yahoo for about 4.83 billion dollars (about 530 billion yen). Yahoo's Internet business division joined Verizon Communications,AOLIt will be decided to be integrated into.

Yahoo announced on September 22, 2016 that at least 500 million user accounts were leaked due to unauthorized access occurred in 2014. In response to this announcement, Verizon Communications renegotiated the acquisition price with Yahoo and agreed at a price of about $ 4.4 billion (about 490 billion yen). We also agreed that both companies will bear the cost of litigation concerning this security incident.

After that, the Securities and Exchange Commission of the United States considered the problem "Yahoo hid the existence of a security incident for two years", and raised a $ 35 million fine (about 3.8 billion yen) against Altaba who was operating Yahoo at that time I applied. I also agreed to pay Altaba.