Update: The Yahoo Breach Keeps Getting Worse


Recently, we discussed the massive impact the Yahoo data breach was having on companies in all fields. At the time of our writing, there were rumors of Verizon beginning to get cold feet about a proposed merger with Yahoo, potentially costing Yahoo up to a billion dollars. Things were not looking so great.

News this week has warranted an update to Yahoo’s plight, however, as it appears somehow things have gotten even worse with the admission that their breach problems might have begun years ago.

A Hidden Problem

According to a filing Yahoo made to the Securities and Exchange Commission (SEC), Yahoo believes that the attacker who affected at least 500 million accounts first obtained access to their system in 2014, and that Yahoo actually detected the breach at the time as well.

Yahoo informed the SEC that an independent committee is currently looking into exactly how much Yahoo knew about this breach without taking proper steps to address this issue; regardless of their findings, the best case scenario here is gross incompetence.

This admission has cast further doubt on the future of Yahoo – and their proposed Verizon deal. Healthcare Info Security reports that if Verizon no longer wants to move forward with the purchase of the now severely damaged brand, Yahoo may be forced to pay Verizon a termination fee of around $145 million, while also facing potentially “23 putative consumer class-action suits in U.S. federal and state courts by people who claim to have been harmed by the breach.”

At this time there is no way to know how much this might end up costing Yahoo, but when combined with the potential of Verizon backing out of their purchase, looming SEC fines and the overall lowered standing of the brand among consumers, the company is not exactly finding themselves in good standing.

Tightened Security

As we’ve previously written, this breach points out how important it is to constantly be monitoring and updating your IT security. But what this recent news also shines a light on is how important it is to always keep one eye in the past.

Yahoo was breached years ago, but for whatever reason, whether it be poor threat detection or a lack of concern, nothing was done about it. Meeting regulations and updating your IT security is important, but having the appropriate staff in place is absolutely essential to acting on these breaches properly.

To combat this, regular IT Security Assessments should be conducted annually (at minimum) to shore up your IT and Cyber security posture and test your staff on cybersecurity best practices. If you’re not sure whether you’ve been breached or if there is malware lurking in your systems, getting a Compromise Assessment could lend helpful insight and peace of mind.

Knowledge is power, and by training the relevant parties on how to appropriately react to these attacks, you can help your business avoid a situation similar to what Yahoo currently finds themselves in.

Posted in BAI Security Blog.