UK privacy watchdog slaps Yahoo with another fine over 2014 hack
Yahoo still isn’t done facing the consequences for its handling of a massive 2014 data breach. The UK’s Information Commissioner’s Office has slapped Yahoo UK Services Ltd with a £250,000 (about $334,300) fine under the country’s Data Protection Act. The ICO determined that Yahoo didn’t take “appropriate” steps to protect the data of 515,121 UK users against hacks, including meeting protection standards and monitoring the credentials of staff with access to the information.
Engadget’s parent company, Verizon, now owns Yahoo. Engadget remains editorially independent.
Verizon’s Oath (the brand that subsumed Yahoo, and owns Engadget) stressed in a response that it had taken efforts to strengthen its security systems since the carrier acquired Yahoo, and that this had nothing to do with the European Union’s GDPR (which only just took effect).
The fine is minuscule compared to the US Securities and Exchange Commission’s $35 million fine, and it’s unlikely to have significant ramifications for the company. However, it does illustrate the scope of the problem. When a hack compromises sensitive information for 500 million people, there will be numerous countries that want restitution.
(16)