Yahoo Breach Offers Two Important Cybersecurity Lessons
Yahoo Inc.’s cybersecurity woes continue to offer lessons for New York and New Jersey businesses. The company’s 2014 security breach, which impacted more than 500 million accounts, lowered the value of the company in its acquisition by Verizon and recently resulted in the resignation of the company’s top lawyer.
Liability of Top Executives for Cyber Breaches
Last fall, Yahoo disclosed that hackers stole the personal data of more than 500 million users, including their names, email addresses, dates of birth, telephone numbers, and encrypted passwords. Another breach in 2013 affected more than one billion accounts. Of course, the first question many asked was, “Why are we just learning about this now?”
In addition to facing class-action lawsuits, Yahoo is under investigation by the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC). The company also launched its own investigation into how the company handled the data breach. Yahoo ultimately concluded that senior executives were aware of the attacks, but failed to “properly comprehend or investigate” the cyber intrusion. The board subsequently ordered the company to overhaul its cybersecurity program.
CEO Marissa Mayer acknowledged that she shares some of the blame and agreed to forfeit some of her annual compensation. In a recent blog post, she wrote: “I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016.” Yahoo’s general counsel is also being held accountable for the data security lapses. He resigned and will not receive any severance pay.
As highlighted by the recent fallout at Yahoo, boards are starting to hold senior executives accountable for data breaches, particularly if they could have been easily prevented or if the response is mismanaged. Executives left holding the bag may not only lose part of their paychecks, but also their jobs.
Cybersecurity’s Role in M&A Transactions
Verizon reduced Yahoo’s acquisition value by $350 million in the wake the significant cyberattacks. The price reduction reflects that data breaches can significantly impact a company’s reputation and lead to significant legal liability. Cybersecurity incidents can also lead to public disclosure of valuable trade secrets and other proprietary information. Accordingly, when contemplating a merger or acquisition, companies in all industries are making cybersecurity a more important part of the due diligence process.
Prior to closing a M&A transaction, buyers should review any past data breaches and other cybersecurity incidents. It is important to evaluate not only why the breach occurred, but also how prepared the company was prepared to respond. While cyber breaches have become commonplace, having robust policies and procedures in place can often go a long way in limiting the potential damages.
In structuring a M&A transaction, the parties should also address how liability for breaches will be apportioned. In the Yahoo-Verizon deal, the two companies have agreed to “share certain legal and regulatory liabilities arising from … data breaches incurred by Yahoo.” According to a recent press statement, Yahoo will be responsible for 50 percent of all cash liabilities incurred after the closing related to non-SEC government investigations and third-party litigation. Meanwhile, Yahoo will be solely responsible for all liabilities from shareholder lawsuits and SEC investigations.
Does Your Homeowners Insurance Provide Adequate Coverage?
Your home is likely your greatest asset, which is why it is so important to adequately protect it. Homeowners insurance protects you from the financial costs of unforeseen losses, such as theft, fire, and natural disasters, by helping you rebuild and replace possessions that were lost While the definition of “adequate” coverage depends upon a […]
Understanding the Importance of a Non-Contingent Offer
Making a non-contingent offer can dramatically increase your chances of securing a real estate transaction, particularly in competitive markets like New York City. However, buyers should understand that waiving contingencies, including those related to financing, or appraisals, also comes with significant risks. Determining your best strategy requires careful analysis of the property, the market, and […]
Fred D. Zemel Appointed Chair of Strategic Planning at Scarinci & Hollenbeck, LLC
Business Transactional Attorney Zemel to Spearhead Strategic Initiatives for Continued Growth and Innovation Little Falls, NJ – February 21, 2025 – Scarinci & Hollenbeck, LLC is pleased to announce that Partner Fred D. Zemel has been named Chair of the firm’s Strategic Planning Committee. In this role, Mr. Zemel will lead the committee in identifying, […]
Novation Agreement Process: Step-by-Step Guide for Businesses
Big changes sometimes occur during the life cycle of a contract. Cancelling a contract outright can be bad for your reputation and your bottom line. Businesses need to know how to best address a change in circumstances, while also protecting their legal rights. One option is to transfer the “benefits and the burdens” of a […]
What Is a Trade Secret? Key Elements and Legal Protections Explained
What is a trade secret and why you you protect them? Technology has made trade secret theft even easier and more prevalent. In fact, businesses lose billions of dollars every year due to trade secret theft committed by employees, competitors, and even foreign governments. But what is a trade secret? And how do you protect […]
What Is Title Insurance? Safeguarding Against Title Defects
If you are considering the purchase of a property, you may wonder — what is title insurance, do I need it, and why do I need it? Even seasoned property owners may question if the added expense and extra paperwork is really necessary, especially considering that people and entities insured by title insurance make fewer […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Cybersecurity: What Can We Learn From the Yahoo Data Breach?
Author: Scarinci Hollenbeck, LLC
Yahoo Breach Offers Two Important Cybersecurity Lessons
Yahoo Inc.’s cybersecurity woes continue to offer lessons for New York and New Jersey businesses. The company’s 2014 security breach, which impacted more than 500 million accounts, lowered the value of the company in its acquisition by Verizon and recently resulted in the resignation of the company’s top lawyer.
Liability of Top Executives for Cyber Breaches
Last fall, Yahoo disclosed that hackers stole the personal data of more than 500 million users, including their names, email addresses, dates of birth, telephone numbers, and encrypted passwords. Another breach in 2013 affected more than one billion accounts. Of course, the first question many asked was, “Why are we just learning about this now?”
In addition to facing class-action lawsuits, Yahoo is under investigation by the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC). The company also launched its own investigation into how the company handled the data breach. Yahoo ultimately concluded that senior executives were aware of the attacks, but failed to “properly comprehend or investigate” the cyber intrusion. The board subsequently ordered the company to overhaul its cybersecurity program.
CEO Marissa Mayer acknowledged that she shares some of the blame and agreed to forfeit some of her annual compensation. In a recent blog post, she wrote: “I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016.” Yahoo’s general counsel is also being held accountable for the data security lapses. He resigned and will not receive any severance pay.
As highlighted by the recent fallout at Yahoo, boards are starting to hold senior executives accountable for data breaches, particularly if they could have been easily prevented or if the response is mismanaged. Executives left holding the bag may not only lose part of their paychecks, but also their jobs.
Cybersecurity’s Role in M&A Transactions
Verizon reduced Yahoo’s acquisition value by $350 million in the wake the significant cyberattacks. The price reduction reflects that data breaches can significantly impact a company’s reputation and lead to significant legal liability. Cybersecurity incidents can also lead to public disclosure of valuable trade secrets and other proprietary information. Accordingly, when contemplating a merger or acquisition, companies in all industries are making cybersecurity a more important part of the due diligence process.
Prior to closing a M&A transaction, buyers should review any past data breaches and other cybersecurity incidents. It is important to evaluate not only why the breach occurred, but also how prepared the company was prepared to respond. While cyber breaches have become commonplace, having robust policies and procedures in place can often go a long way in limiting the potential damages.
In structuring a M&A transaction, the parties should also address how liability for breaches will be apportioned. In the Yahoo-Verizon deal, the two companies have agreed to “share certain legal and regulatory liabilities arising from … data breaches incurred by Yahoo.” According to a recent press statement, Yahoo will be responsible for 50 percent of all cash liabilities incurred after the closing related to non-SEC government investigations and third-party litigation. Meanwhile, Yahoo will be solely responsible for all liabilities from shareholder lawsuits and SEC investigations.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
