The UK’s Information Commissioner’s Office (ICO), the UK’s independent data protection watchdog, fined Yahoo £250,000 ($334,000) for its 2014 data breach, which it revealed in 2016, for failing to secure UK customers’ information.
Big picture: Yahoo may be breathing a sigh of relief for two reasons. First, compare that to the fine Yahoo got from the Securities and Exchange Commission for $35 million. Second, this breach was investigated under the UK 1988 Data Protection Act — not under the new General Data Protection Regulation (GDPR), which became enforceable just last month and which threatens penalties that tower over this ICO fine.