On Wednesday, Yahoo! disclosed that more than 1 billion of its users’ personal information was exposed in a newly discovered cyber-attack, making it the largest data breach reported to date. The breach apparently took place in August of 2013.
This news comes just months after Yahoo! publically confirmed that in late 2014 a “state-sponsored” hacker stole personal information from at least 500 million of its customers.
The news couldn’t have come at a worse time for Yahoo! The company is in the midst of a sale to Verizon Communications for $4.8 billion – which has stalled while Verizon assesses the impact of these breaches and whether the MAC clause – or material adverse change provision in the M&A agreements – has been triggered by these hacking disclosures. MAC clauses are escape hatches for buyers when deal dynamics undergo a major change.
Nonetheless, consumers continue to raise concerns about whether Yahoo! is taking proper steps to ensure its users’ data is protected and to timely notify its users of data breaches; especially since this is the second time Yahoo! has taken an exceptionally long time to discover and disclose a massive breach.
Immediately following Yahoo!’s disclosure this week, a Yahoo! consumer filed a class-action lawsuit against the company for failing to adequately protect users’ confidential information.
We will continue to monitor Yahoo!’s investigation into this breach and the ensuing litigation.