Four years ago, Yahoo had lost data of more than 500,000 UK users after it was hacked and the company had kept quiet about this for two years. However, in a recent development, the company’s British Subsidiary has been fined with GBP 250,000 by the data watchdog of the UK.
If we look at the monetary impact of this fine, it is worth 50p for every British user who was impacted by the attack, and it follows by another fine of $35 million, issued by the US Securities and Exchange Commission.
Even though the attack happened in 2014, the company remained silent about this incident for two years, until 2016. This is just one among a series of breaches that the company has encountered, and the company has been on a decline.
Last year, under the new ownership, the company declared that there was another breach in 2013 that had affected three billion users. The Information Commissioner’s Office (ICO) said that 515,121 accounts belonging to British users were compromised in the attack.
The ICO had indicated in its statement that the company had failed to comply with security measures to ensure the security of user data. According to ICO, since the data breach took place in 2014, it will apply the Data Protection Act 1998, and impose a fine of £500,000, even though the new EU-GDPR law states that companies should be charged 4% of their global turnover.
The compromised data includes names, email addresses, telephone numbers, date of birth, hashed passwords and encrypted as well as unencrypted security questions and answers.