Regulators have launched a probe into Yahoo over cyber attacks which endangered the data of the company’s users but were apparently kept secret for several years.
The US Securities and Exchange Commission is investigating whether two data breaches at Yahoo should have been reported to investors sooner.
In documents filed in November 2016, the technology company stated it was ‘co-operating with federal, state and foreign’ agencies, including the SEC, that were seeking information and documents about a ‘security incident and related matters.’
Other agencies looking into the data breach include the Federal Trade Commission, the US Attorney’s Office in Manhattan and ‘a number of State Attorneys General’, Yahoo said in the filing.
The company revealed in December that it uncovered a cyber attack in August 2013 and data for more than one billion user accounts was compromised.
This followed an admission from the company in September that personal information for 500million users was stolen in 2014.
It has faced pointed questions about the hacks, but has yet to disclose why it took two years to reveal the 2014 security breach.
The SEC issued requests for documents in December and is thought to be investigating whether the cyber attacks complied with civil security laws, according to the Wall Street Journal.
Security industry rules require companies to disclose cyber breaches to investors.
However, an investigation revealed last year that despite the SEC’s guidance on when publicly traded companies should report hacking incidents, companies that have experienced known breaches often omit those details in regulatory filings.
Democratic Senator Mark Warner asked the SEC in September to investigate whether Yahoo and its senior executives fulfilled obligations to inform investors and the public about the 2014 hacking attack.
The disclosures from Yahoo about both breaches came after the company agreed to sell its main business to Verizon in July, triggering questions about whether the deal would still be viable and, if so, at what price.
The communications giant is expected to purchase Yahoo’s digital advertising, email and media asset, called Yahoo Core, for $4.83 billion.
Should the transaction go through as planned, Yahoo will then rename an entity of the business, called ‘RemainCo’, as ‘Altaba’.
Altaba is expected to act as a holding company for its 15 per cent stake in Alibaba, a 35 per cent stake in Yahoo Japan, and a small portfolio of patents called Excalibur.
Yahoo chief executive, Marissa Mayer, will also step down from the board following the takeover, but will continue to act as chief executive.
Five other Yahoo directors will also resign after the deal closes.
An SEC spokesman and a Yahoo spokesman declined to comment.