You are here: Home - Household Bills - News -

Yahoo! fined £250k over 2014 cyber-attack

0
Written by: Paloma Kubiak
12/06/2018
Yahoo! UK Services Limited has been fined £250,000 for failings over a cyber-attack in 2014 which was only disclosed to hundreds of millions of users two years later.

The Information Commissioner’s Office (ICO) has set the fine at this level due to the severity of the data breach, it said.

In November 2014, Yahoo! suffered a cyber-attack which meant that account information such as names, email addresses, telephone numbers, dates of birth, hashed passwords and in some cases, encrypted and unencrypted questions and answers were stolen.

But Yahoo! only revealed the data hack to its 500 million global users, including 515,121 UK account holders, in September 2016 – nearly two years after the site was compromised.

Following the revelation, the ICO carried out an investigation which found the following:

  • Yahoo! UK Services Ltd failed to take appropriate technical and organisational measures to protect the data of 515,121 customers against access by unauthorised persons
  • The company failed to take appropriate measures to ensure that its data processor – Yahoo! Inc – complied with the appropriate data protection standards
  • It failed to ensure appropriate monitoring was in place to protect the credentials of Yahoo! employees with access to Yahoo! customer data
  • The inadequacies found had been in place for a long period of time without being discovered or addressed.

ICO deputy commissioner of operations, James Dipple-Johnstone, said: “People expect that organisations will keep their personal data safe from malicious intruders who seek to exploit it.

“The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised.

“As the intruders become more sophisticated and more determined, organisations need to make it as difficult as possible for them to get in. But they must also remember that it’s no good locking the door if you leave the key under the mat.”

He added that since the ICO investigation, data protection law has changed. The EU’s General Data Protection Regulation (GDPR) came into effect on 25 May 2018 which mean people have stronger rights and more control and choice over their personal data.

“If organisations, especially well-resourced, experienced ones, do not properly safeguard their customers’ personal data, they may find customers taking their business elsewhere,” he said.

The ICO has the power to impose a maximum penalty of £500,000 under the Data Protection Act 1998 but under the new GDPR legislation, it can impose a maximum penalty of €‎20m or 4% of total worldwide turnover.

In October 2016, it fined TalkTalk £400,000 after security failings that allowed a cyber attacker to access customer data.

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

Are you a first-time buyer looking for a mortgage?

Look no further, get the help you need by searching for your perfect mortgage

Five ways to get on the property ladder without the Bank of Mum and Dad

A report suggests the Bank of Mum and Dad is running low on funds. Fortunately, there are other options for st...

The essential Your Money guide to the April 2018 tax changes

As we head into the 2018/19 tax year, a number of key changes take place to existing policies while some new i...

A guide to switching energy provider

All you need to know about switching from one energy supplier to another.

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

Having a baby and your finances: seven top tips

We’re guessing the Duchess of Cambridge won’t be fretting about maternity pay or whether she’ll still be...

Protecting family wealth: 10 tips for cutting inheritance tax

Inheritance tax - sometimes known as 'death tax' - can cause even more heartache for bereaved families. But th...

Travel insurance: Five tips to ensure a successful claim

Ahead of your summer holiday, it’s important to make sure you have the right level of travel cover or you co...

YourMoney.com Awards 2018

Now in their 21st year, our awards recognise the companies offering the best products and services to consumers

Money Tips of the Week

Read previous post:
2215994-gashob
Energy customers to get compensation for switching problems

Energy customers switching supplier will be automatically compensated if something goes wrong, under new Ofgem proposals.

Close