Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

×

Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

Yahoo fined over historic data breach

Neil Hodge | June 18, 2018

The U.K.’s data protection regulator has fined Yahoo’s U.K. division £250,000 (U.S. $331,203) following a cyber-attack in November 2014 that placed the personal information of over 500 million users at risk.

The Information Commissioner’s Office (ICO) also slammed the company for its decision to keep news of the attack secret for nearly two years, only disclosing it publicly in September 2016.

The ICO found that Yahoo’s U.K. arm failed to take appropriate technical and organisational measures to protect the data of 515,121 customers against exfiltration by unauthorised persons, and that the company failed to ensure appropriate monitoring was in place to protect the credentials of employees with access to Yahoo! customer data.

The regulator also found that Yahoo’s U.K. division failed to take appropriate...

Buy this article for $49, or subscribe to Compliance Week for a month at $149 and get unlimited article access for 30 days.