The Information Commissioner's Office (ICO) has issued the UK arm of Yahoo a £250,000 fine after an investigation focusing on the 515,121 UK accounts that had their data exposed during the 2014 cyber attack on the company.
Back in 2014, Russian hackers were able to gain access to the company's servers and steal information such as names, email addresses, phone numbers, birthdates and more on 500m international account holders.
While Yahoo discovered that it had been hacked at the end of 2014, the company waited until September 2016 to disclose this information to its users. Since then, regulators around the world have brought court cases and fines against the dotcom giant.
The ICO found that “systemic failures” had put user data at risk and that appropriate measures were not taken by the UK arm of Yahoo to prevent such a catastrophic breach. The regulator also noted that the company had a responsibility to comply with data protection standards.
The ICO's investigation was carried out under the Data Protection Act of 1998 (as opposed to the new General Data Protection Regulation), and because of this the maximum fine that can be levied against Yahoo is £500,000.
ICO deputy commissioner of operations James Dipple-Johnstone stressed the point that cyber attacks are inevitable and businesses must do more to protect themselves, saying:
"As the intruders become more sophisticated and more determined, organisations need to make it as difficult as possible for them to get in. But they must also remember that it's no good locking the door if you leave the key under the mat."
The UK arm of Yahoo may now be owned by Verizon's Oath, but it still has until June 21 to pay if it hopes to take advantage of the 20 per cent discount the ICO is offering on the fine.