Yahoo's Mayer to miss out on cash bonus
Yahoo CEO Marissa Mayer will not receive a cash bonus for 2016 because of the major 2014 security breach that happened under her tenure.
In its annual report, Yahoo’s board said that, as a result of an independent investigation into the incident, it has decided not to offer the otherwise expected cash bonus for 2016. Mayer has also offered to forgo any 2017 annual equity award, and the board has accepted this offer.
The report also discloses that to date, around 43 class action lawsuits have been filed against the company, in both US and foreign courts.
The suits relate to the 2014 incident, as well as another major security breach from 2013 that was also only recently discovered and a third incident involving forged cookies from 2015 and 2016. Yahoo said it cannot reasonably predict the possible losses from these lawsuits in these early stages.
The 2014 incident is thought to have involved the theft of user information on around 500 million accounts; the 2013 incident involved the theft of over 1 billion accounts; and the final incident is estimated to have involved the use of forged cookies for around 32 million accounts.
An investigation found that Yahoo’s “information security team had contemporaneous knowledge of the 2014 compromise of user accounts, as well as incidents by the same attacker involving cookie forging in 2015 and 2016”. But the committee did not conclude that there was an intentional suppression of this information.
“Nonetheless, the committee found that the relevant legal team had sufficient information to warrant substantial further inquiry in 2014, and they did not sufficiently pursue it. As a result, the 2014 security incident was not properly investigated and analysed at the time,” the report states.
“The independent committee found that failures in communication, management, inquiry and internal reporting contributed to the lack of proper comprehension and handling of the [incident].”