Yahoo (now Altaba), recently became the first public company to be fined ($35 million) by the SEC for filing statements that failed to disclose known data breaches. This is on top of the $80 million federal securities class action settlement that Yahoo reached in March, the first of its kind based on a cyberattack. Meanwhile, shareholder and consumer actions are pending in the courts.
Edward J. McAndrew of Ballard Spahr LLP recaps the hacking incidents and Yahoo’s responses to them, including its delayed disclosures while negotiating for the company to be purchased by Verizon.
He summarizes the legal actions taken to date, by US federal regulators, law enforcement agencies, and class action litigation against the company.
He follows up with sixteen lessons to be learned from the criminal conduct, the incident responses, and the various litigation in this saga.
Read the full post from Ballard Spahr via the National Law Review