Yahoo is reportedly being investigated by the US Securities and Exchange Commission (SEC) over its previously disclosed two massive data breaches that saw over a billion user accounts stolen. The SEC's probe was launched in December 2016 and will looking into whether Yahoo's disclosures about the data breaches were made in a timely manner, according to reports.
According to unnamed sources familiar with the matter, the SEC's investigation will focus on whether Yahoo should have reported the security incidents sooner and if its disclosures complied with civil securities laws, the Wall Street Journal reported.
The SEC's investigation is speculated to focus on Yahoo's 2014 data breach, which saw around 500 million users affected. Yahoo is yet to clarify why it took two years to disclose the breach, despite allegedly having knowledge that likely linked the attack to state-sponsored hackers when it discovered the attack in 2014. Mere months after Yahoo made the 2014 cyberattack public in September 2016 the tech firm disclosed a second data breach which exposed over one billion of its users' private information.
According to unspecified sources familiar with the matter, it is still uncertain if the SEC's probe into Yahoo's disclosures will lead to any public action as the investigation is still in the early stages. The SEC's guidelines require firms to disclose information about cyberthreats and security incidents if determined that it could impact investors.
In a November 2016 quarterly filing, Yahoo said it was "cooperating with federal, state and foreign" agencies, including the SEC, that were looking into the data breaches, Reuters reported. Yahoo's board of directors has set up a committee to investigate the 2014 data breach in efforts to determine the "scope of knowledge within the company", the firm said in an SEC filing.
The data breaches have cast doubts over the $4.8bn Yahoo-Verizon acquisition deal with speculation rife on whether Verizon is likely to go ahead with the deal. Yahoo CEO Marissa Mayer is slated to step down from the board in the event that the deal goes through. In December, the White House said the FBI had launched an investigation into Yahoo's 2013 data breach.
The fallout from the two cyberattacks appear to be still ongoing. Earlier in the month, it was uncovered that over 3,000 email accounts linked to high-profile Australian government officials were among those stolen as part of the 2013 data breach.