
The Information Commissioner’s Office (ICO), the UK’s independent data protection watchdog, fined Yahoo £250,000 ($334,000) for failing to secure UK customers’ information in its 2014 data breach, which it revealed in 2016.
Big picture: Yahoo may be breathing a sigh of relief for two reasons. First, compare that to the $35 million fine Yahoo got from the Securities and Exchange Commission. Second, this breach was investigated under the UK 1988 Data Protection Act — not under the new General Data Protection Regulation (GDPR), which became enforceable just last month and which threatens penalties that tower over this ICO fine.
Catch up fast: The 2014 breach led to the theft of at least 500 million records, including names, email addresses, phone numbers, dates of birth, hashed passwords, and some security questions and answers. Yahoo said state-sponsored hackers were behind the attack.
- Last year the Canadian hacker who helped Russian intelligence agents break into email accounts in the 2014 data breach was sentenced to five years in prison and ordered to pay a $250,000 fine. The Russian intelligence agents were indicted for hacking Yahoo and other email accounts.