Finally, Yahoo disclosed that some of its workers were aware of the holdup of 500 million users’ data as early as 2014. The hack, which Yahoo has ascribed to an unidentified “state-sponsored actor,” happened in late 2014.
And according to yesterday’s filing with the Securities and Exchange Commission, it appears Yahoo noticed it before as well.
“In late July 2016, a hacker claimed to have obtained certain Yahoo user data. After investigating this claim with the assistance of an outside forensic expert, the Company could not substantiate the hacker’s claim. Following this investigation, the Company intensified an ongoing broader review of the Company’s network and data security. It included a review of prior access to the Company’s network by a state-sponsored actor that the Company had identified in late 2014.”
Yahoo revealed in the filing.
Yahoo Accepts Employees Sighted Hack in 2014
It also stated that 23 customer class action proceedings have been filed in reply to the breach. But that it’s ahead of time to guess financial damages. It estimates the hack has directed to a loss of $1 million until now.
The query of when Yahoo learned of the breach is vital to its deliberate sale to Verizon. Verizon has allegedly asked for a $1 billion deduction in light of the breach. That was not revealed until after the September sale, still Yahoo CEO Marissa Mayer apparently learned of the breach in July.
Yahoo articulated in the filing that,
“It has made an autonomous committee to evaluate, the scope of knowledge within the Company in 2014. And thereafter regarding this access, the Security Incident, the extent to which certain users’ account information had been accessed.”
SEC has been probed by Senator Mark Warner to examine what Yahoo knew about the opening and at what time it knew it.
“Yahoo’s September filing asserting lack of knowledge of security incidents involving its IT systems creates serious concerns about truthfulness in representation to the public.”
Warner said in a statement.