Yahoo receives fine for data hack

Posted on June 15, 2018


Online services firm Yahoo has been handed a fine of a quarter of a million pounds for a hack that has impacted over 500,000 UK users.

According to the Information Commissioner’s Office (ICO), the hack was first noticed back in 2014 and affected around 515,000 email accounts of UK customers which were co-branded with telecommunications company Sky. The ICO has said that the fine has been issued because the company failed to prevent an attack on its sensitive data.

The hack is believed to have been a state-sponsored cyber-attack by Russia, and the hack affected more than 500 million Yahoo users worldwide. Furthermore, the incident was only reported two years later in 2016.

The ICO said that the data stolen as part of the attack included names and email addresses, passwords, telephone numbers and encrypted security questions and corresponding answers.

The fine was issued in relation to the attack’s impact on the half a million UK accounts in which Yahoo! UK Services Ltd is listed as the data controller. In a statement, the data protection organisation said that Yahoo failed to prevent the state-sponsored attack after the ICO had conducted an investigation sanctioned under the Data Protection Act of 1998.

The deputy operations commissioner at the ICO, James Dipple-Johnstone, criticised Yahoo for the inadequacies that had been in place at the company for a long time without being detected or addressed.

According to the ICO, Yahoo failed to take the appropriate steps to prevent its data from being stolen, and failed to make sure that the data was processed by the company’s US division with appropriate standards of data protection.

Dipple-Johnstone added that the failings identified by the ICO’s investigation were not what it would expect to see from a global company that has had plenty of chances to implement the appropriate processes for data protection that could have ultimately stopped the data of UK users from being compromised.

Since the attack back in 2014, Yahoo has since been bought by Verizon, a US-based cable operator and has been merged with another internet services firm, AOL, to create the company Oath, which describes itself as an operator of specialist sites and internet services.

This is not the first time that the company has suffered a large breach of data. The year before, 2013, the company suffered another cyber-attack that affected one billion accounts, which was also disclosed in 2016, but after the 2014 attack.

Operations Manager at Engage Web
Drawing from a broad pool of experience that ranges from university studies in English Language to his work as a medical receptionist in a busy GP practice, Alan fits right at home as Engage Web’s Operations Manager.
Alan Littler

0345 621 4321

Call Now Button

Who Engage Web has helped:

Ice Lolly Minuteman Press BUNZLGS1 UK The Underfloor Heating Store West Cheshire Athletic Club Thomas Cook MWB Business ExchangeWeb Media 360 D2 Architects Beacon Financial Training Steely ProductsBurlydam Garden Centre Asentiv BodyHQ Clever Vine Endeavour Mortgages Pro Networks Comm-Tech Wickers World Ascot Mortgages Top Teks
TEL: 0345 621 4321