You are here: Home - Household Bills - News -

Yahoo! fined £250k over 2014 cyber-attack

Written by: Paloma Kubiak
Yahoo! UK Services Limited has been fined £250,000 for failings over a cyber-attack in 2014 which was only disclosed to hundreds of millions of users two years later.

The Information Commissioner’s Office (ICO) has set the fine at this level due to the severity of the data breach, it said.

In November 2014, Yahoo! suffered a cyber-attack which meant that account information such as names, email addresses, telephone numbers, dates of birth, hashed passwords and in some cases, encrypted and unencrypted questions and answers were stolen.

But Yahoo! only revealed the data hack to its 500 million global users, including 515,121 UK account holders, in September 2016 – nearly two years after the site was compromised.

Following the revelation, the ICO carried out an investigation which found the following:

  • Yahoo! UK Services Ltd failed to take appropriate technical and organisational measures to protect the data of 515,121 customers against access by unauthorised persons
  • The company failed to take appropriate measures to ensure that its data processor – Yahoo! Inc – complied with the appropriate data protection standards
  • It failed to ensure appropriate monitoring was in place to protect the credentials of Yahoo! employees with access to Yahoo! customer data
  • The inadequacies found had been in place for a long period of time without being discovered or addressed.

ICO deputy commissioner of operations, James Dipple-Johnstone, said: “People expect that organisations will keep their personal data safe from malicious intruders who seek to exploit it.

“The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised.

“As the intruders become more sophisticated and more determined, organisations need to make it as difficult as possible for them to get in. But they must also remember that it’s no good locking the door if you leave the key under the mat.”

He added that since the ICO investigation, data protection law has changed. The EU’s General Data Protection Regulation (GDPR) came into effect on 25 May 2018 which mean people have stronger rights and more control and choice over their personal data. Then also have a look at for further help from the best GDPR consultants.

“If organisations, especially well-resourced, experienced ones, do not properly safeguard their customers’ personal data, they may find customers taking their business elsewhere,” he said.

The ICO has the power to impose a maximum penalty of £500,000 under the Data Protection Act 1998 but under the new GDPR legislation, it can impose a maximum penalty of €‎20m or 4% of total worldwide turnover.

In October 2016, it fined TalkTalk £400,000 after security failings that allowed a cyber attacker to access customer data.

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

Everything you wanted to know about ISAs…but were afraid to ask

The new tax year is less than a fortnight away and for ISA savers or investors, it’s hugely important. If yo...

Your right to a refund if travel is affected by train strikes

There have been a wave of train strikes in the past six months, and for anyone travelling today Friday 3 Febru...

Could you save money with a social broadband tariff?

Two-thirds of low-income households are unaware they could be saving on broadband, according to Uswitch.

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

DIY investors: 10 common mistakes to avoid

For those without the help and experience of an adviser, here are 10 common DIY investor mistakes to avoid.

Mortgage down-valuations: Tips to avoid pulling out of a house sale

Down-valuations are on the rise. So, what does it mean for home buyers, and what can you do?

Five tips for surviving a bear market mauling

The S&P 500 has slipped into bear market territory and for UK investors, the FTSE 250 is also on the edge. Her...

Money Tips of the Week