Yahoo UK arm has been fined £250,000($335,000) by the UK Information commissioner’s Office (ICO), on a data breach affecting more than 500 million users, which took place in 2014.
The incident was reported two years later.
The company said “state-sponsored” hackers have stolen personal information, which included names, e-mails, clear security questions and answers.
The ICO has said Yahoo had failed to take appropriate measures to protect them.
Yahoo has said that he has not commented on the regulatory action.
“The failures of our survey identified are not what we expect or will accept from a company processing large volumes of personal data,” wrote deputy commissioner of operations James Dipple-Johnstone in a blog post.
“Yahoo! Services UK Ltd has been given ample opportunity to implement the appropriate measures, and potentially stop UK citizens ‘ data to be compromised.”The most famous’
Nearly eight million accounts affected were suspected of belonging to persons in the united KINGDOM.
The ICO, the investigation has also found:
The firm failed to ensure that its Yahoo-owned data processor “was in compliance with the data protection standards”
It does not ensure that the credentials of employees with access to customer data have been monitored
“There’s a long period of time” before the defects, which led to the breach have been discovered or addressed
Verizon acquired Yahoo in 2017 and combined it with AOL to form a company called Oath.
The company has been investigated in the united KINGDOM in 1988 on the Protection of Data, which pre-dates the new European data regulation GDPR.
Tony Pepper, chief executive of the Output of the Software Technologies, said the data breach could go down in history as “one of the most famous” – both because of its size and the two-year period between the attack and the report.
“Although the fine was a long time coming, I imagine that there would be a few sighs of relief that the investigation has been carried out under the Data Protection Act, rather than the GDPR, which has much more severe consequences of a violation,” he said.