Irish data protection commissioner investigates Yahoo as company reveals 3 billion accounts affected by 2013 breach.
The investigation into the 2016 privacy leaks on Yahoo email accounts seems to have made a sinister turn, as new developments reveal that the breach was much bigger than the company thought at first. The Irish Data Protection Commissioner, Helen Dixon, recently announced that Yahoo is still under investigation by her office and that they are currently planning the next steps in their examination of the electronic communications giant.
3 Billion Yahoo Accounts Affected in Worst Hacking Incident to Date
The Irish Data Protection Commissioner is the competent European authority to investigate matters related to data protection – or lack thereof in the case of Yahoo, as the company’s European headquarters are located in Ireland (along with many other major tech firms, like Google and Apple).
The company first notified the Commissioner in December 2016 of a data breach discovered to have occurred in 2013 and at the time thought to have affected 1 billion email accounts – now, it says that they have underestimated the damage and that the hacking had in fact reached all of Yahoo’s 3 billion user accounts. This is further to another attack that was perpetrated in 2014 and revealed in September 2016, which affected a separate list of 500 million accounts, which the Commissioner is investigating separately.
You will find more statistics at Statista
In these attacks, hackers stole users’ credentials and private information, including names, telephone numbers and dates of birth, while email passwords and security questions were compromised, too. These two incidents remain the worst data breaches yet in terms of scale, followed by the MySpace security breach that was also discovered in 2016 and affected almost 430 million accounts. Other companies, like eBay and LinkedIn also experienced hacker attacks that managed to affect well over 100 million accounts in each service, while the latest in this strain is the Uber data breach uncovered in October, which saw personal data of over 57 million users fall prey to cybercriminals.
Data Breaches Costly for Yahoo
While many companies have recently become targets for hackers, the recent admission does not fare well for Yahoo as it puts the firm definitively at the top of the most-affected companies. Earlier this summer, Verizon bought Yahoo for a sum of $4.48 billion – marking a roughly $350 million discount from its original offer of $4.8 billion. This cut was the result of the data breaches that were revealed during the negotiations, which severely damaged Yahoo’s reputation.
And it may well be just the start of financial woes stemming from the company’s underwhelming performance in data protection matters. In May 2018, the GDPR (General Data Protection Regulation) is set to come into effect. It is a comprehensive EU legislative tool that seeks to radically transform the data protection landscape in the European Union. Under the new, stricter regime, which applies to all companies providing goods and services to persons on EU soil, regardless of their actual headquarters, non-compliance with the privacy rules set out to prevent similar data breaches may result in fines up to €20,000,000 or 4% of an organization’s total global revenues - in the case of Yahoo, that would have been over $200 million, since its total annual profit for 2016 was a little less than $5.2 billion. So if the GDPR had been in place when the Yahoo incidents occurred, then the company might have incurred hefty fines on top of its value drop.
Whether or not this is the end of the revelations regarding high-profile data breaches in Yahoo, it remains to be seen; after all, it took the company a good 2 to 3 years to uncover the incidents in the first place, which means that the Irish Data Protection Commissioner’s probe may not have seen it all yet.