Yahoo Data Breach Highlights Risk of Inadequate Corporate Compliance Programs

LexisNexis Due Diligence Services, LexisNexis BIS

In any age, data is a treasure and an asset to every company, but it carries risk. According to the PwC Annual CEO Survey, 62% of respondents pointed to cyber threats. In addition, 58% of CEOs were concerned about shrinking stakeholder trust, as it may affect the growth of the company, and 84% of consumers said that a breach of data privacy can reduce their faith in a company. You need to know the regulators' thinking and their expectations for outsourcing.

Breach leads to damage to reputation

Data breaches are common everywhere. It is in a company's hands to employ professionals who are not only knowledgeable but also outstanding in terms of trust; maintaining confidentiality is essential too. Why did a data breach that occurred in 2014 attract the attention of the media? On the FCPA Blog, Mr. Richard Cassin points to Yahoo's transparency, which the breach called into question. First, Yahoo revealed the breach in September 2016, and its securities filing of November 2016 stated that employees were aware in 2014 that more than 500 million accounts had been hacked. Yahoo later revealed that there had been a data breach in 2013 which affected more than 1 billion accounts.

In November, Yahoo stated that it had recorded expenses of around $1 million, as of September, relating to the data breach. Yahoo also pointed to theft of data and a data breach. This was noted immediately, and investigations were under way to identify countermeasures, to safeguard users, and to work on protecting users from hacking in the future, covering all areas, such as legal. Yahoo also faced 23 customer lawsuits in United States courts, as well as in many courts in foreign countries. Customer due diligence played a role here: after the disclosure, it led customers to sue Yahoo. The company also expects some lawsuits from many customers, users and shareholders. The gap of 2-3 years between the discovery of the breaches and their disclosure also brought a number of consequences for the company. Technical due diligence might have helped save the company and its reputation.

The disclosure came 2 months after Yahoo finished negotiations with Verizon to hand over the business for around $4.8 billion. The New York Times reported that Verizon's General Counsel, Mr. Craig, stated that Yahoo now needs to explain the impact, as it is material; if Yahoo believes it is not material, then Yahoo has to show that to us. Then another disclosure followed, stating that there had been a breach larger than had been imagined or stated, which aggravated Yahoo's position. News then came from the Guardian that Yahoo gave its business to Verizon at a discount of $350 million, which, seen from the other side, is a loss to Yahoo. Yahoo could have been saved if it had had enhanced due diligence.

Investigation all around

Yahoo pointed out that the company is cooperating fully with state and federal government officials who are investigating the breach and seeking information related to it and to several connected subject matters. The SEC had not brought an action over a data breach against a public company. There was also pressure to disclose such events on time. Data security specialist Kim Phan told the Financial Times that the SEC is looking to bring this type of action and that, given the gap in time between the discovery and the disclosure, Yahoo's case might be the watershed moment.

Like the guidance from many regulatory agencies, the United States Department of Justice has also shared its considerations for compliance reviews. Many questions were raised, such as whether the board of directors lacked experts or professionals able to detect the data breach, and how senior management reacted to the incident when it came to light. This led to the resignation of Yahoo's General Counsel, and there was further criticism of the attorneys and of the associated security team. Commercial due diligence is simply due diligence carried out from the commercial side; failing at it can ruin a company's reputation.

Yahoo's incident led many companies to work on the safety of data

The Yahoo incident prompted other companies to act proactively to stop data breaches by involving third parties; proper and sufficient risk management must also be included to stop them. First of all, the third-party firms brought in to prevent data breaches should analyze and research, and then sort the issues according to the situations in which they arise. Introducing this third-party management, as suggested by the regulatory agencies, helps in risk mitigation.

It can also let companies free themselves when a third party is involved, by designating it as third-party risk.

It is also very important that such third-party management takes note of the risk involved. There are many tools that can help companies manage risk with better compliance when it arises as a challenge. Compliance risk is also a great challenge for third-party management in its work with companies.