Yahoo has openly admitted that a number of its staff were aware that it had suffered a major data breach when it was hacked in 2014 by a state-sponsored hacker.
The news that some of the company's employees knew about the loss of user data was revealed by an independent investigation looking into the security breach that occurred two years ago.
Yahoo also released a new filing with the US Securities and Exchange Commission during the investigation in which it admitted to knowing that it had suffered a security breach by a state-sponsored hacker. According to the document: “The company had identified that a state-sponsored actor had access to the company's network in late 2014.”
Yahoo could be facing a number of lawsuits as a result of the security breach and the way in which it withheld news of the hack from its users. Currently 23 separate cases have been filed against the company over the matter, and this number could grow as more details surrounding the case come to light.
Verizon's $4.8 billion deal to purchase Yahoo could also be in jeopardy, and it is unclear whether or not the telecom will try to back out of the deal. A significant price cut could also occur, since Verizon was unaware of the security breach before agreeing to purchase the former dot-com giant.
Verizon's general counsel Craig Silliman noted that the security breach could lead to financial repercussions for Yahoo, saying: “I think we have a reasonable basis to believe right now that the impact is material.”
Neil Fraser, Head of Space & Comms and UK Manager at ViaSat commented: “This ongoing saga from Yahoo has laid bare the true cost of cyber-attacks. The real risk doesn’t necessarily come from loss of intellectual property, or damage to business operations, but rather the ongoing harm to the organisation’s reputation. The cost might not be immediately apparent, but over time – or if the business is in a sensitive period – it could easily reach billions of dollars.
“In this case, an attacker who was looking to sell the stolen data for $1,800 could easily have cost Yahoo! a million times that amount. To reduce these consequences, organisations need to look at a number of issues. Clearly this includes the security technology in use; from firewalls to anti-virus to encryption of both the networks being used, but also the actual data (by both the organisation and also individuals using these services), so that any data that is stolen is essentially worthless.
“Organisations also need to look at the training workers are given, and ensure they not only know how to reduce the risk of a successful attack, but also how to react. This includes isolating and identifying the origin, taking stock of what has been stolen or affected and making sure those who have been put at risk are notified and protected as soon as possible.”