If you haven't been keeping tabs on Yahoo lately, you wouldn't be alone. With the exception of the massive 2014 data breach that exposed the personal data of roughly 500 million users, the company has all but dropped off the map for many.
Unfortunately for Yahoo, that very data breach has come back to haunt them yet again. Although the breach initially took place in 2014, Yahoo never disclosed the incident - it wasn't until 2016 that the media discovered the breach and began reporting on it.
As we reported in January last year, the SEC opened an investigation into the matter to determine whether or not Yahoo's decision to avoid disclosing the breach broke any laws.
Now, the SEC has finally come to a decision. The organization has announced that the "entity formerly known as Yahoo! Inc." has agreed to pay a $35 million penalty to settle charges that it misled investors by "failing to disclose one of the world's largest data breaches."
...the SEC's Steven Peikin made it clear that the commission doesn't take issue with a company simply taking some additional time to disclose a breach...
In a statement, the SEC's Steven Peikin made it clear that the commission doesn't take issue with a company simply taking some additional time to disclose a breach – indeed, in some cases it's necessary – but he warns that the organization's patience is not infinite.
"...we [have cautioned] that a company's response to such an event could be so lacking that an enforcement action would be warranted," Peikin said regarding the incident. "This is clearly such a case."