You are here

Britain fines Yahoo UK Services £250,000 for 2014 hack

file6uefx3b4ohzpvcv2wp.jpg
Britain's data watchdog said on Tuesday it fined Yahoo UK Services Ltd £250,000 (S$445,950.77) for a cyber-attack in Nov 2014.

[LONDON] Britain's data watchdog said on Tuesday it fined Yahoo UK Services Ltd £250,000 (S$445,950.77) for a cyber-attack in Nov 2014.

Yahoo, most of whose assets were acquired by Verizon Communications Inc, said in 2016 that at least 500 million of its accounts had been hacked two years earlier.

The Information Commissioner's Office (ICO) said it focused on the 515,121 UK accounts that London-based Yahoo UK Services oversaw as a data controller.

The compromised personal data included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.

The ICO investigation found Yahoo UK Services failed to protect the data and take steps to ensure parent Yahoo Inc complied with the appropriate data protection standards.

"The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures," ICO's Deputy Commissioner of Operations James Dipple-Johnstone said.

"...it's no good locking the door if you leave the key under the mat."

The inadequacies found had been in place for a long period without being discovered or addressed, ICO added.

Yahoo's European regulator has ordered it to make privacy changes following a probe into what it said was one of the largest ever data breaches to impact EU citizens.

Ireland's Data Protection Commissioner, the lead European regulator on privacy issues for Yahoo, whose European headquarters are in Dublin, said last week Yahoo's data processing operations did not meet standards required by EU law.

REUTERS

BT is now on Telegram!

For daily updates on weekdays and specially selected content for the weekend. Subscribe to t.me/BizTimes