Yahoo gets $35 million slap on wrist for failing to disclose colossal 2014 data breach

In an ongoing investigation by the Securities and Exchange Commission, Yahoo (now Altaba) has been fined $35 million for failing to report a known data breach in two straight years of SEC filings. Publicly traded companies in the United States are requ… Continue reading Yahoo gets $35 million slap on wrist for failing to disclose colossal 2014 data breach

Sentencing delayed for FSB’s email-popping hacker pawn

Sentencing was delayed in the case against Karim Baratov, the hacker who broke into 11,000 email accounts including targeting specific individuals’ email accounts for the Russian intelligence agency FSB. Baratov, a 23-year-old born in Kazakhstan, pleaded guilty last year to helping hack into Yahoo and Gmail accounts. Prosecutors described Baratov’s actions as directions from Russian intelligence officers Dmitry Dokuchaev and Igor Sushchin to target specific accounts of interest to the FSB. Dokuchaev paid Baratov to hack into at least 80 email accounts, including that of journalists, lawyers and senior government officials in Russia and its border countries, as well as “prominent leaders in the commercial industries” like banking and transportation, according to court documents. U.S. government officials and tech company employees were also targeted. Baratov, who was arrested in March 2017 at his adopted home in Canada, argues that he never knew the identities of the people he was working for. Judge Vince Chhabria began the hearing by saying […]

The post Sentencing delayed for FSB’s email-popping hacker pawn appeared first on Cyberscoop.

Continue reading Sentencing delayed for FSB’s email-popping hacker pawn

SEC fines Yahoo remnant Altaba $35 million for failing to disclose breach

Altaba, the company formerly known as Yahoo, agreed to pay the Securities and Exchange Commission a $35 million fine for failing to disclose to investors a massive data breach for two years, the regulator announced Tuesday. Altaba agreed to pay the fine without admitting nor denying any wrongdoing. According to the SEC, Yahoo learned of an intrusion by Russian hackers in 2016 just days after it occurred. The incident resulted in the theft of sensitive information and credentials of 500 million users. And while news of the breach circulated within the company, Yahoo didn’t properly investigate the breach or consider whether to inform its investors, the SEC said. News of the incident only became public when Yahoo was in the midst of being acquired by Verizon. “Yahoo’s failure to have controls and procedures in place to assess its cyber-disclosure obligations ended up leaving its investors totally in the dark about a massive data breach,” said […]

The post SEC fines Yahoo remnant Altaba $35 million for failing to disclose breach appeared first on Cyberscoop.

Continue reading SEC fines Yahoo remnant Altaba $35 million for failing to disclose breach

Under Armour Reports Massive Breach of 150 Million MyFitnessPal Accounts

Under Armour is getting kudos for disclosing breach within weeks, but concerns remain over an unknown portion of credentials reportedly stored using the weak SHA-1 hashing function. Continue reading Under Armour Reports Massive Breach of 150 Million MyFitnessPal Accounts

Lessons for Boards from Yahoo’s $80 Million Data Breach Settlement

What does it mean for board liability in future data breach litigation? At the time it was disclosed, the Yahoo! email breach was considered massive. The personal information of 1.5 billion users was compromised. In response, lead plaintiff Edward McM… Continue reading Lessons for Boards from Yahoo’s $80 Million Data Breach Settlement