Yahoo Fined £250,000 for Hack | Xuper IT | Latest News

Yahoo fined £250,000 for hack that affected over 515,000 UK accounts

Yahoo have been fined £250,000 over a hack from 2014 which impacted over 515,000 UK email accounts co-branded with Sky, the ICO (Information Commissioner’s Office) has announced.

The state-sponsored cyber attack in 2014, which was only revealed in 2016, compromised the personal data of 500m user accounts. The data included names, email addresses, phone numbers, passwords and encrypted security questions and answers.

Following an investigation carried out under the UK Data Protection Act 1998, the data protection watchdog stated that the firm has “failed to prevent” to Russia-sponsored attack. The ICO’s deputy operations commissioner, James Dipple-Johnstone also criticised the firm’s “inadequacies” that have been in place at Yahoo without being “discovered or addressed”.

yahoo office

The ICO also added that Yahoo had filed to take the appropriate measures to prevent the theft of personal data, and failed to make sure that data was processed by Yahoo’s US arm with the appropriate data protection standards.

Yahoo have since been acquired by Verizon and merged with internet firm AOL to form Oath, an operator of various sites and internet services.

Yahoo previously suffered an even larger data breach back in 2013 which affected 1bn accounts, and was only revealed in 2016, after the disclosure of the 2014 hack.

The firm have been lucky this breach occurred before GDPR came into force, where fines could have reached up to €20 million or 4% of annual global turnover, whichever is higher. Read more about GDPR here.