You are here: Home - Household Bills - News -

Yahoo! fined £250k over 2014 cyber-attack

Written by: Paloma Kubiak
Yahoo! UK Services Limited has been fined £250,000 for failings over a cyber-attack in 2014 which was only disclosed to hundreds of millions of users two years later.

The Information Commissioner’s Office (ICO) has set the fine at this level due to the severity of the data breach, it said.

In November 2014, Yahoo! suffered a cyber-attack which meant that account information such as names, email addresses, telephone numbers, dates of birth, hashed passwords and in some cases, encrypted and unencrypted questions and answers were stolen.

But Yahoo! only revealed the data hack to its 500 million global users, including 515,121 UK account holders, in September 2016 – nearly two years after the site was compromised.

Following the revelation, the ICO carried out an investigation which found the following:

  • Yahoo! UK Services Ltd failed to take appropriate technical and organisational measures to protect the data of 515,121 customers against access by unauthorised persons
  • The company failed to take appropriate measures to ensure that its data processor – Yahoo! Inc – complied with the appropriate data protection standards
  • It failed to ensure appropriate monitoring was in place to protect the credentials of Yahoo! employees with access to Yahoo! customer data
  • The inadequacies found had been in place for a long period of time without being discovered or addressed.

ICO deputy commissioner of operations, James Dipple-Johnstone, said: “People expect that organisations will keep their personal data safe from malicious intruders who seek to exploit it.

“The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised.

“As the intruders become more sophisticated and more determined, organisations need to make it as difficult as possible for them to get in. But they must also remember that it’s no good locking the door if you leave the key under the mat.”

He added that since the ICO investigation, data protection law has changed. The EU’s General Data Protection Regulation (GDPR) came into effect on 25 May 2018 which mean people have stronger rights and more control and choice over their personal data.

“If organisations, especially well-resourced, experienced ones, do not properly safeguard their customers’ personal data, they may find customers taking their business elsewhere,” he said.

The ICO has the power to impose a maximum penalty of £500,000 under the Data Protection Act 1998 but under the new GDPR legislation, it can impose a maximum penalty of €‎20m or 4% of total worldwide turnover.

In October 2016, it fined TalkTalk £400,000 after security failings that allowed a cyber attacker to access customer data.

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

The savings accounts paying the most interest

If one of your jobs this month is to get your finances in order, moving your savings to a higher paying deal i...

Everything you need to know about being furloughed

Few people had heard of ‘furlough’ before March 2020, but the coronavirus pandemic thrust the idea of bein...

Coronavirus and your finances: what help can you get in the second lockdown?

News and updates on everything to do with coronavirus and your personal finances.

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

Having a baby and your finances: seven top tips

We’re guessing the Duchess of Cambridge won’t be fretting about maternity pay or whether she’ll still be...

Protecting family wealth: 10 tips for cutting inheritance tax

Inheritance tax - sometimes known as 'death tax' - can cause even more heartache for bereaved families. But th...

Travel insurance: Five tips to ensure a successful claim

Ahead of your summer holiday, it’s important to make sure you have the right level of travel cover or you co...

Money Tips of the Week

  • @YourMoneyUK I will be travelling to UK from Gran Canaria and im in reciept of pension credit, am i eligible for this payment?
  • Unclaimed money scheme expanded to aid Covid recovery: @YourMoneyUK
  • RT @thenutmegteam: Keeping on top of your pension now could well pay dividends in the future. ⏳ Nutmeg's savings and investments specialis…

Read previous post:
Energy customers to get compensation for switching problems

Energy customers switching supplier will be automatically compensated if something goes wrong, under new Ofgem proposals.