SEC $35-Million Yahoo Settlement Carries Breach Disclosure Lessons

On the heels of publishing disclosure guidance, the SEC has issued an order in its first-ever action against a public company for failing to disclose a material data breach. Altaba Inc. (formerly Yahoo) has agreed to a $35-million fine to settle SEC accusations that it failed to promptly notify investors about a massive 2014 data breach in which hackers stole personal data relating to hundreds of millions of user accounts. “Yahoo’s nearly two-year delay in making the breach known to investors, the vast number of users affected, and the company’s issuance of numerous public filings that failed to mention the breach made [it] a prime candidate for the SEC to make an example of,” Cadwalader partner Joseph Moreno told the Cybersecurity Law Report. See also “SEC Confirms Cyber Disclosure Expectations in New Guidance” (Feb. 28, 2018).

To read the full article

Continue reading your article with a CSLR subscription.