The company that emerged with the remnants of Yahoo! Inc. was slapped with a $35 million fine because the former internet giant sat for two years on news of a major cybersecurity breach.
Altaba agreed to pay the penalty in a settlement with the Securities and Exchange Commission announced on Tuesday by the agency.
SEC officials said Yahoo’s senior management had been made aware of the data intrusion “within days,” but the company “failed to properly investigate the circumstances of the breach.”
Disclosure of the breach only happened when Yahoo was in the process of being acquired by Verizon the agency noted in a press release.
According to agency filings, the breach took place in December 2014, when Russian hackers stole personally identifiable information, including encrypted passwords, from hundreds of millions of users. Yahoo security officers described the information as the company’s “crown jewels.”
Yahoo was folded into Altaba in 2017, after Verizon acquired most of internet search engine pioneer. Altaba describes itself as “a non-diversified, closed-end management investment company,” which owns $88 billion in assets.
News of the Yahoo fine comes amid intense scrutiny of Facebook, over the social media platform’s data security practices.
In the past few weeks, it was revealed that, during the 2016 election campaign, 87 million Facebook users had profile information gleaned, without their consent, by Cambridge Analytica–a hardline right-wing research firm that had been hired by the Trump campaign.
The Federal Trade Commission is currently investigating whether Facebook violated a 2011 consent decree over privacy practices. According to statements made recently by former FTC officials, the social media giant could face fines in excess of $1 billion.