|
U.S. senator seeks SEC
probe of Yahoo disclosure on hacking
Send a link to a friend
 [September 27, 2016]
By Dustin Volz and Jim Finkle
WASHINGTON
(Reuters) - Democratic Senator Mark Warner on Monday asked the U.S.
Securities and Exchange Commission to investigate whether Yahoo <YHOO.O>
and its senior executives fulfilled obligations to inform investors and
the public about a hacking attack affecting 500 million user accounts.
"Disclosure is the foundation of federal securities laws, and public
companies are required to disclose material events that shareholders
should know about," Warner said in a letter to SEC Chairwoman Mary Jo
White.
Yahoo has faced pointed questions about exactly when it knew about the
2014 cyber attack announced last week that exposed the email credentials
of half a billion accounts, a critical issue for the company as it seeks
to prevent the breach from affecting a pending takeover of its core
business by Verizon Inc <VZ.N>.
Warner also asked the SEC to probe whether Yahoo has "made complete and
accurate representations" about the security of its information
technology systems, and for the agency to evaluate its current
thresholds for how and when companies need to report a material data
breach.
Although the SEC has longstanding guidance on when publicly traded
companies should report hacking incidents, companies that have
experienced known breaches often omit those details in regulatory
filings, according to a 2012 Reuters investigation.(http://reut.rs/2dblx5S)
In a Sept. 9 regulatory filing with the SEC, Yahoo stated it did not
have knowledge of "any incidents of, or third party claims alleging ...
unauthorized access" of personal data of its customers that could have a
material adverse effect on Verizon’s acquisition.
Establishing that Yahoo is liable for damages under SEC rules is a
"pretty high bar" in data breach cases, said Robert Cattanach, a lawyer
at Dorsey & Whitney who specializes in cyber security.
[to top of second column] |
U.S. Senator Mark Warner speaks during an interview with Reuters in
Washington, November 20, 2012. REUTERS/Stelios Varias
Yahoo is additionally protected from liability given the relative lack
of sensitivity of the data compromised, Cattanach said, though he said
both the SEC and Federal Trade Commission were likely to open
investigations.
At
least one state, Massachusetts, is also seeking more information from Yahoo
about the breach, a spokesperson for the state's attorney general told Reuters
on Monday.
Yahoo has so far not provided a clear, detailed timeline about when it was made
aware of the breach announced Thursday.
Cyber security services firm Stroz Friedberg has been hired by Yahoo to help
investigate the breach, firm spokeswoman Carolyn Vadino said.
The FBI is also investigating the hack, which Yahoo has blamed on a
"state-sponsored actor" although the company has not provided technical
information to support that claim.
(Reporting by Dustin Volz in Washington; Additional reporting by Jim Finkle in
Boston; Editing by Cynthia Osterman and Mary Milliken)
[© 2016 Thomson Reuters. All rights
reserved.] Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
