The Guardian Australia

Yahoo fined £250,000 for hack that impacted 515,000 UK accounts

- Samuel Gibbs

Yahoo has been fined £250,000 over a hack from 2014 that affected more than 515,000 UK email accounts co-branded with Sky, the Informatio­n Commission­er’s Office has announced.

The personal data of 500m user accounts worldwide was compromise­d during a state-sponsored cyber attack in 2014, which was only revealed in 2016. The stolen data included names, email addresses, telephone numbers, passwords and encrypted security questions and answers, the ICO said on Tuesday.

The ICO said the fine related to the impact on 515,121 accounts that were co-branded as Sky and Yahoo services in the UK, for which Yahoo! UK Services Ltd is the data controller.

The data protection watchdog said the internet firm had “failed to prevent” the Russia-sponsored hack, following an investigat­ion carried out under the Data Protection Act 1998. James Dipple-Johnstone, ICO’s deputy operations commission­er, criticised “inadequaci­es” that had been in place for a long time at Yahoo without being “discovered or addressed”.

ICO said Yahoo had failed to take appropriat­e measures to prevent the theft of data and failed to ensure that data was processed by Yahoo’s US arm with appropriat­e data protection standards.

Dipple-Johnstone said: “The failings our investigat­ion identified are not what we expect from a company that had ample opportunit­y to implement appropriat­e measures, and potentiall­y stop UK citizens’ data being compromise­d.”

Yahoo declined to comment. The firm has since been acquired by US cable operator Verizon and was merged with fellow original internet firm AOL to form Oath, an operator of various specialist­s sites and internet services.

“We accept that cyber-attacks will happen and as the cybercrimi­nals get shrewder and more determined, the protection of data becomes even more of a challenge,” said Dipple-Johnstone. “However, organisati­ons must take appropriat­e steps to protect the data of their customers from this threat.”

Yahoo also suffered a larger data breach in 2013 that affected 1bn accounts but it was only revealed in 2016, after the disclosure of the 2014 hack.

?? Photograph: Marcio Jose Sanchez/AP ?? Yahoo also suffered a larger data breach in 2013 affecting 1bn accounts, but it was only revealed in 2016 after the disclosure of the 2014 hack.
Photograph: Marcio Jose Sanchez/AP Yahoo also suffered a larger data breach in 2013 affecting 1bn accounts, but it was only revealed in 2016 after the disclosure of the 2014 hack.

Newspapers in English

Newspapers from Australia