Within the context of cyber security, one most always discusses the subject in exponentials; Whether considering the number of breached records, the amount of damage, or the size of data leaks. What was groundbreaking three years ago in volume will seem quaint by the end of the year. A host of news stories regarding the 2013 and 2014 data breaches at Yahoo Inc. over the past few months have underlined this aspect of the conversation about cybersecurity. It serves as a stark reminder that companies need to keep an eye on their cyber risks and seriously consider purchasing cyber insurance if they have not done so already to survive this increasingly harsh ecosystem.
The Yahoo Data Breach
In 2013 and 2014, hackers broke into Yahoo’s servers and stole personal information on three billion user accounts. It is to date one of the most significant data breaches on record. Investigators suspect Russian involvement in the hack, and federal authorities secured a five-year prison sentence against one of the hackers. Then Yahoo faced a wave of litigation in the wake of the public disclosure of the breach in 2016.
Complications In The Settlement and Sale Of Yahoo!
On September 17, 2018, Altaba Inc (the holding company managing the litigation in the wake of a Verizon takeover) reached a deal to settle the consumer litigation from the 2013 and 2014 Yahoo, Inc! data breaches. The settlement of these lawsuits alone is valued at $47 million.
The week before cutting this deal, Altaba reached an agreement to settle shareholder litigation resulting from the same breaches. Shareholders had accused Yahoo of trading stock at artificially high prices while covering up the data breach. The total cost of that lawsuit is another $80 million, with $14 million of that figure representing attorney’s fees.
Losses In The Data Breach
As large as these figures may seem for damages, they represent only a minor fraction of the actual losses suffered by Yahoo as part of the breach. Verizon was in the middle of acquiring Yahoo when news of the data breach became public. As a matter of fact, it was only as a result of the acquisition that the information became public at all. We know this because there is significant evidence that indicates that Yahoo knew of the breaches for some time before disclosing the information publicly. The news of the breach knocked $350 million off of the company’s sales price. On top of that, several top officials were forced to return large bonus packages of equity compensation. The SEC fined the company $35 million for failing to disclose the breach, and the company has also had to reach a variety of settlements with state regulators as well.
How It Applies To Your Business
In total, the total cost of the data breach will likely reach half a billion dollars, equivalent to 10% of Yahoo’s total value before the disclosure of the breach. That is a catastrophic loss. And it represents real food for thought for smaller companies as well. Can a business that is worth $2,000,000 handle a $200,000 cyber attack loss? Understanding the ballooning size of cyber exposures is crucial for modern companies so they can take appropriate actions to protect themselves from losses that might otherwise bankrupt them.