UK Markets closed

Yahoo fined £250,000 for 2014 data breach

Matthew Field
Yahoo was hit with the £250,000 fine - AP

Early internet giant Yahoo has been hit with a £250,000 fine by the UK's data regulator over a breach which left details of half a billion users at risk in a state-sponsored attack.

The fine comes after a 2014 cyber attack which left the details of millions of Yahoo account holders at risk. While there were 8 million UK Yahoo account holders, around 500,000 Brits were affected by the hack, while Sky email customers, which used Yahoo technology, were also affected.

The Information Commissioners Office, which issued the fine to Yahoo! UK Services Ltd, now part of US telecoms giant Verizon, said the company "failed to take appropriate technical and organisational measures to protect the data".

The ICO decision was reached earlier in May, shortly before a crackdown on European data rules as part of the new General Data Protection Regulation. Under the new laws, companies that suffer data breaches could be liable for fines of up to 20m, or 4pc of global turnover.

Yahoo blamed Russian hackers for the attack and last year the US government prosecuted two spies allegedly involved in the cyber attack.

"People expect that organisations will keep their personal data safe from malicious intruders who seek to exploit it," said ICO deputy operations commissioner James Dipple-Johnstone. "The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised."

While the ICO was limited in the fine it could mete out to Yahoo by previous data laws, the £250,000 pales in comparison to the massive $35m fine that US Securities Exchange Commission issued to Altaba, a holding company that has sold the Yahoo business but which maintains liability.

In 2014, details on 500 million Yahoo users were stolen by hackers in one of the biggest known data breaches ever. Personal information including names, email addresses, telephone numbers, birth dates, encrypted passwords and even security questions were all stolen.

Technology intelligence - newsletter promo - EOA

Yahoo only revealed the hack, however, in 2016 after it agreed to be purchased by telecoms giant Verizon. The company later discovered another attack affect a total suspected one billion accounts. The massive data breaches wiped $350m off Verizon's multi-billion dollar deal.