Aftermath of the Yahoo Breach: M&A Risk and Cybersecurity

Patterson Belknap Webb & Tyler LLP
Contact
LinkedIn
Facebook
X
Send
Embed

In the midst of its acquisition by Verizon Communications Inc., Yahoo Inc. disclosed what looks like one of the largest reported thefts of user information in U.S. history.

Yahoo  has confirmed that a “state-sponsored” hacker stole personal information for at least 500 million customers.  The hack apparently compromised user names, hashed passwords, telephone numbers, street addresses and birth dates.  Yahoo reports that no payment-card data or bank account information was stolen.

The breach comes just months after Yahoo entered into an agreement with Verizon to sell Yahoo’s core operating business for $4.8 billion.  Needless to say, this news could not have come at a worse time for Yahoo and underscores that cybersecurity concerns have become a key issue in M&A activity.  For that reason, companies have undergone cybersecurity vulnerability assessments long before going to market to avoid a hiccup – or even worse – prior to a sale.

Since the facts surrounding this breach are still unfolding, it’s too early to tell what impact it will have on the proposed transaction.  In the merger agreement, Yahoo represents that to its knowledge, “there have not been any incidents of, or third-party claims alleging” security breaches or thefts of user information that “could be reasonably be expected” to have a material adverse effect on the company’s business.

While these so-called “MAE” or “MAC” clauses provide an escape hatch for acquirers when confronted with material unforeseen circumstances, such disclosures are equally likely to trigger a renegotiation of the transaction price.

Either way, life has gotten more complicated for Yahoo.  Late Friday, at least three class action lawsuits had been filed in Illinois and California accusing the company of failing to secure customer information and “to establish and implement basic data security protocols, contrary to Yahoo’s guarantees, its users’ personal information is now in the hands of criminals and/or enemies of the U.S.”

This is not the first time Yahoo’s data has been breached.  In 2012, the company acknowledged that more than 450,000 user accounts were compromised.

For now, Yahoo has said that it is continuing to investigate the breach.  In the coming weeks, we’ll be following the implications of this massive theft of customer information.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Patterson Belknap Webb & Tyler LLP | Attorney Advertising

Written by:

Patterson Belknap Webb & Tyler LLP
Patterson Belknap Webb & Tyler LLP
Contact
more
less

Patterson Belknap Webb & Tyler LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide