Sen. Warner Wants SEC Inquiry on Yahoo Data Breach

Securities Law Daily provides daily coverage of developments in the regulation of federal, state, and international securities and futures trading, with objective coverage of the...

By Rob Tricchinelli

Sept. 26 — The Securities and Exchange Commission should scrutinize whether Yahoo! Inc. adequately disclosed the widespread data breach it suffered in 2014, Sen. Mark Warner (D-Va.) said Sept. 26.

“The public ought to know what senior executives at Yahoo knew of the breach, and when they knew it,” Warner said in a letter to SEC Chairman Mary Jo White.

Breach Data

More than half a billion user accounts were affected by the 2014 breach, which was made public by the company Sept. 22. The breach contained user names, email addresses, phone numbers, encrypted passwords and some unencrypted security questions and answers.

Yahoo learned in July of a potential breach, but didn't file a disclosure form telling the public about it, Warner noted.

“I encourage you to evaluate the adequacy of current SEC thresholds for disclosing events of this nature,” Warner, cofounder of the Senate Cybersecurity Caucus, wrote.

He also asked whether Yahoo timely notified Verizon Communications Inc., which is planning to acquire Yahoo's core internet assets for $4.83 billion. The deal hasn't been finalized.

Yahoo users have already filed class actions against the company related to the breach.

The SEC declined to comment.

To contact the reporter on this story: Rob Tricchinelli in Washington at rtricchinelli@bna.com

To contact the editor responsible for this story: Phyllis Diamond at pdiamond@bna.com

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.