Yahoo Faces SEC Probe Over Multiple Data Breaches, Journal Says

U.S. regulators are investigating whether two data breaches at Yahoo! Inc. should have been reported to investors sooner, the Wall Street Journal reported.

The Securities and Exchange Commission has requested documents and opened a probe into the company’s announcements of the cyberattacks, the newspaper said, citing unidentified people familiar with the matter. The regulator requires disclosures on cybersecurity risks as soon as they are determined to impact investors, according to the report.

Yahoo said in September that the personal information of at least 500 million users was stolen in 2014. Less than three months later it disclosed that user data from more than 1 billion accounts was taken by hackers in 2013. The announcements came after July’s agreement for Verizon Communications Inc. to buy Yahoo’s online assets for $4.8 billion.

Yahoo, when contacted for comment, referred to its quarterly report filed in November: “The Company is cooperating with federal, state, and foreign governmental officials and agencies seeking information and/or documents about the Security Incident and related matters, including the U.S. Federal Trade Commission, the U.S. Securities and Exchange Commission, a number of State Attorneys General and the U.S. Attorney’s office for the Southern District of New York."

While the SEC probe is focused on the 2014 data breach, the investigation is in its early stages and its too soon to say if it will result in any public action, the Wall Street Journal said, citing some of the people familiar with the matter. The SEC and U.S. attorney’s office in Manhattan declined to comment, the Journal said.

    Before it's here, it's on the Bloomberg Terminal.