Breach may prove pricey for Ya­hoo in Ver­i­zon deal

USA TODAY Weekend Extra - - MONEY - Mike Snider and El­iz­a­beth Weise @mikesnider, @eweise USA TO­DAY

SAN FRAN­CISCO Ya­hoo’s trou­ble over its mas­sive data breach is far from over. The first of what is ex­pected to be mul­ti­ple law­suits linked to the breach was brought in San Jose on Fri­day by a cus­tomer ac­cus­ing Ya­hoo of fail­ing to ad­e­quately pro­tect his per­sonal in­for­ma­tion from data breaches and iden­tity theft. The suit seeks class ac­tion sta­tus.

Se­cu­rity and man­age­ment ex­perts also are ques­tion­ing the timetable and dis­clo­sure process fol­lowed by Ya­hoo and CEO Marissa Mayer two years af­ter the breach hap­pened and two months af­ter in­tense bid­ding rounds led to a planned sale of Ya­hoo’s core as­sets to Ver­i­zon Com­mu­ni­ca­tions. Ya­hoo CEO Marissa Mayer.

The hack could give buyer Ver­i­zon lee­way to lower the $4.8 bil­lion it agreed to in July — and per­haps even de­rail the deal.

“They (Ver­i­zon) are go­ing to get a price dis­count,” said Robert Cat­tanach, a lawyer who spe­cial­izes in cy­ber­se­cu­rity and data breaches at Wash­ing­ton, D.C. firm Dorsey & Whit­ney. “I would ex­pect that there will be a fairly so­phis­ti­cated ef­fort to quan­tify the ma­te­ri­al­ity of the im­pact of this breach and there would be some sort of price ad­just­ment.”

Ver­i­zon and Ya­hoo de­clined to com­ment.

Ya­hoo on Thurs­day said it had been the vic­tim of a breach in 2014 in which at least 500 mil­lion ac­counts were stolen from the com­pany in what it ex­pects is a hack by a state-spon­sored ac­tor. The breach, which may have in­cluded names, email ad­dresses, tele­phone num­bers, dates of birth and in some cases, en­crypted or un­en­crypted se­cu­rity ques­tions and an­swers, is one of the largest such thefts of its kind.

That it took so long for Ya­hoo to re­al­ize the hack “seems to fall on the side of care­less­ness or neg­li­gence,” said Rahul Te­lang, a pro­fes­sor of in­for­ma­tion sys­tems at the Heinz Col­lege at Carnegie Mel­lon Uni­ver­sity.

Po­ten­tially more damn­ing is the pos­si­bil­ity Ya­hoo se­nior man­age­ment knew about the in­tru­sion but didn’t dis­close it to users, in­vestors or bid­ders.

The Wall Street Jour­nal, cit­ing an un­named source, said late Fri­day its ex­ec­u­tives had de­tected hack­ers in Ya­hoo sys­tems in fall 2014, be­lieved linked to Rus­sia. It wasn’t clear if that breach of 30 to 40 ac­counts was linked to the larger theft of in­for­ma­tion dis­closed Thurs­day. The cas­cade of rev­e­la­tions threat­ens to de­lay the merger, ex­pected to close in the first quar­ter of next year.

Ver­i­zon, which beat out mul­ti­ple bid­ders for Ya­hoo as­sets that in­clude Ya­hoo Fi­nance, Ya­hoo Sports, Tum­blr and Flickr, said it only learned of the breach two days be­fore Ya­hoo’s dis­clo­sure.

Said Chris Bul­ger, founder of Bos­ton tech ad­vi­sory bank Bul­ger Part­ners, es­ti­mates Ya­hoo will likely have to pay at least $10 per user in repa­ra­tions. That could amount to $5 bil­lion — more than Ver­i­zon’s $4.8 bil­lion pay­ing price — mak­ing it “worth­less,” he said.

Work over­loaded

JUSTIN SUL­LI­VAN, GETTY IM­AGES

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.