The FBI is among the agencies vowing to investigate the hack and Yahoo’s handling of it Reuters
September 23, 2016
by: Nic Fildes1, Telecoms Correspondent
Yahoo2 has come under scrutiny from data protection watchdogs outside of its home market over the handling of its huge data breach3. Regulators in the UK and Ireland, where Yahoo has its European headquarters, have asked the US technology group to supply more details about the cyber attack. The location of the accounts and the affected servers will have an impact on how the investigation by regulators is carried out, and would determine whether Yahoo has broken any rules regarding data protection in specific markets. The US search company said overnight that it had been the subject of a state-sponsored hack4 with names, email addresses and security details from 500m Yahoo accounts stolen.
The size of the attack, which took place two years ago, is the largest corporate cyber attack. Its discovery comes less than two months after Verizon Communications5 agreed to buy Yahoo for $4.8bn6. The Federal Bureau of Investigation has said that it will investigate the Yahoo breach7 and the claims that the attack was state sponsored , but the company has also under pressure to explain how an incident of such magnitude that happened two years ago has only just came to light. Elizabeth Denham, the newly installed Information Commissioner in Britain, said: The vast number of people affected by this cyber attack is staggering.
The US authorities will be looking to track down the hackers but it is our job to ask serious questions of Yahoo on behalf of British citizens and I am doing that today. It is unusual for the Information Commissioner s Office to issue a public comment on an ongoing cyber security event beyond a basic statement. When TalkTalk8 revealed it had been the subject of a sophisticated attack in 2015, the data protection regulator only said that it was aware of the breach and would work with the police.
We don t yet know all the details of how this hack happened but there is a sobering and important message here for companies that acquire and handle personal data, said Ms Denham.
Related article
Timeline of events surrounding the biggest ever corporate security breach
The Data Protection Commissioner in Ireland, where Yahoo has its European headquarters, said that it was notified of the data breach on Thursday.
We have raised a number of issues with Yahoo for which we are seeking further information and clarification. We are presently awaiting their response, a spokeswoman said. The DPC has contacted the Federal Trade Commission and recommended that affected users carry out a malware check to protect against third-party access
There has also been a knock-on effect on companies that have relied on Yahoo s services.
In the UK, both BT and Sky9 have been forced to issue statements urging customers to change their passwords in the wake of the Yahoo breach, given that both companies use or have used Yahoo email services. BT had used Yahoo to outsource search, content and email functions. Although this has unwound over time, there are still thousands of BT Yahoo Mail customers that have yet to switch over their email addresses.
BT said it was investigating the Yahoo breach but said that customers who has not changed their passwords since December 2014 should do so now. Sky still uses Yahoo for its email. If you are a sky.com email holder, in line with the advice provided by Yahoo!, we advise that you change your passwords online and follow good password management practices, the broadcaster said.
Sample the FT s top stories for a week
You select the topic, we deliver the news.
References
- ^ Nic Fildes (www.ft.com)
- ^ Yahoo (markets.ft.com)
- ^ huge data breach (www.ft.com)
- ^ state-sponsored hack (www.ft.com)
- ^ Verizon Communications (markets.ft.com)
- ^ buy Yahoo for $4.8bn (www.ft.com)
- ^ the Yahoo breach (www.ft.com)
- ^ TalkTalk (markets.ft.com)
- ^ Sky (markets.ft.com)