Yahoo has been fined for one of its cybersecurity failures. The Information Commissioner’s Office (ICO), the UK’s independent group dedicated to enforcing information rights, has reported that it is fining Yahoo’s UK Services $334,000 for a data breach in November 2014. Hackers accessed sensitive information from around 500 million Yahoo accounts, of which 515,121 were in the UK.
Yahoo was not fined because the hackers accessed its systems and looted its data. Instead, the company has been fined because it took almost 2 years to find the breach. The ICO said that Yahoo failed to take suitable actions to protect the data of more than half a million users and did not meet the UK’s data protection standards.
ICO’s deputy commissioner of operations, James Dipple-Johnstone, said that people expect organizations to keep their personal data safe from attackers who seek to exploit it. The identified faults were not expected from a company that had sufficient opportunity to execute correct measures and prevent UK citizens’ data being compromised.
The 2014 data breach, which was a state-sponsored attack, was considered one of the largest data breaches in history until Yahoo announced that all 3 billion accounts on its website had been compromised in a separate hack from 2013.
Yahoo’s lack of security persisted for quite a long period of time without being discovered or disclosed. Timely disclosure of breaches is crucial for both investors and victims of attacks. Importantly, the European Union’s General Data Protection Regulation (GDPR) now requires companies to notify authorities within 72 hours of learning about a breach.