Yahoo hack raises watchdogs’ hackles
BRUSSELS The hack on Yahoo! Inc. that compromised the personal data of at least 500 million users is raising “serious questions” among European Union privacy regulators.
The “vast number of people affected by this cyber-attack is staggering and demonstrates just how severe the consequences of a security hack can be,” U.K. information commissioner Elizabeth Denham said in a statement Friday. Like their U.K. neighbours, Irish data protection regulators said they have asked Yahoo “a number of issues for which we are seeking further information and clarification.”
In a statement Thursday, Yahoo said the personal information was stolen in an attack on its accounts in late 2014, exposing a wide swath of its roughly one billion users. The attacker was a “state-sponsored actor,” and stolen information may include names, email addresses, phone numbers, dates of birth, encrypted passwords and, in some cases, un-encrypted security questions and answers, Yahoo said.
The Irish regulator said it has contacted the U.S. Federal Trade Commission to “co-ordinate our respective inquiries.” It also said users should follow the actions outlined in an extensive guidance by Yahoo.
Given the scale of the attack, and the time it has taken for it to become public, Yahoo will face a series of investigations, said Johannes Caspar, an outspoken privacy regulator in Germany.
Yahoo in Thursday’s statement said it “is notifying potentially affected users and has taken steps to secure their accounts.” It also recommended users who haven’t changed their password since 2014, do so now.