Money

Yahoo receives fine for data hack

Money

Yahoo receives fine for data hack

Online services firm Yahoo has been handed a fine of a quarter of a million pounds for a hack that has impacted over 500,000 UK users.

According to the Information Commissioner’s Office (ICO), the hack was first noticed back in 2014 and affected around 515,000 email accounts of UK customers which were co-branded with telecommunications company Sky. The ICO has said that the fine has been issued because the company failed to prevent an attack on its sensitive data.

The hack is believed to have been a state-sponsored cyber-attack by Russia, and the hack affected more than 500 million Yahoo users worldwide. Furthermore, the incident was only reported two years later in 2016.

The ICO said that the data stolen as part of the attack included names and email addresses, passwords, telephone numbers and encrypted security questions and corresponding answers.

The fine was issued in relation to the attack’s impact on the half a million UK accounts in which Yahoo! UK Services Ltd is listed as the data controller. In a statement, the data protection organisation said that Yahoo failed to prevent the state-sponsored attack after the ICO had conducted an investigation sanctioned under the Data Protection Act of 1998.

The deputy operations commissioner at the ICO, James Dipple-Johnstone, criticised Yahoo for the inadequacies that had been in place at the company for a long time without being detected or addressed.

According to the ICO, Yahoo failed to take the appropriate steps to prevent its data from being stolen, and failed to make sure that the data was processed by the company’s US division with appropriate standards of data protection.

Dipple-Johnstone added that the failings identified by the ICO’s investigation were not what it would expect to see from a global company that has had plenty of chances to implement the appropriate processes for data protection that could have ultimately stopped the data of UK users from being compromised.

Since the attack back in 2014, Yahoo has since been bought by Verizon, a US-based cable operator and has been merged with another internet services firm, AOL, to create the company Oath, which describes itself as an operator of specialist sites and internet services.

This is not the first time that the company has suffered a large breach of data. The year before, 2013, the company suffered another cyber-attack that affected one billion accounts, which was also disclosed in 2016, but after the 2014 attack.

Alan Littler

Get in touch

Please enable JavaScript in your browser to complete this form.
Acceptance

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

>

Book a consultation with Engage Web