“U.S. authorities are investigating whether Yahoo Inc.’s two massive data breaches should have been reported sooner to investors, according to people familiar with the matter, in what could prove to be a major test in defining when a company is required to disclose a hack,” Runa Viswanatha and Robert McMillan report for The Wall Street Journal.

“The Securities and Exchange Commission has opened an investigation, and in December issued requests for documents, as it looks into whether the tech company’s disclosures about the cyberattacks complied with civil securities laws, the people said,” Viswanatha and McMillan report. “The SEC requires companies to disclose cybersecurity risks as soon as they are determined to have an effect on investors.”

“The investigation is likely to center on a 2014 data breach at Yahoo that compromised the data of at least 500 million users, according to the people familiar with the matter,” Viswanatha and McMillan report. “Yahoo disclosed that breach in September 2016, despite having linked the incident to state-sponsored hackers two years earlier.”

Read more in the full article here.

MacDailyNews Take: Yahoo. Just rename the company Clusterfsck Inc. and be done with it.

SEE ALSO:
Yahoo discloses ‘largest hack of all time,’ says hackers stole data from over one billion users – December 15, 2016
Yahoo secretly scanned all customer emails for FBI, NSA, sources say – October 4, 2016
Yahoo confirms data breach of at least 500 million user accounts – September 22, 2016
Verizon to acquire beleaguered Yahoo for $4.8 billion – July 25, 2016