Internal Committee Says Yahoo’s Security Team Failed to Investigate 2014 Breach

By Marcos Colon

An independent committee established by Yahoo after it disclosed the breach in September found that the company did know of an intrusion that took place in 2014, but failed to investigate it properly.

In December 2014, Yahoo’s security team knew that a state-sponsored attacker “exfiltrated copies of user database backup files” containing Yahoo user account data, but it’s “unclear whether and to what extent such evidence of exfiltration was effectively communicated and understood” outside of the security team, according to the filing.

It’s been a series of unfortunate events Yahoo, which have recently resulted in Verizon Communications paying $350 million less to acquire the company in a deal that’s expected to close in the second quarter of this year.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.