Yahoo has been fined approximately £250,000 by the UK privacy regulator, the Information Commissioner’s Office (ICO), following a 2014 Russian state-sponsored attack which resulted in the compromise of almost 500 million accounts.
The incident, which the internet pioneer reported two years later, led to the compromise of more than 500,000 UK Yahoo accounts.
It involved personal data including names, telephone numbers, dates of birth, email addresses, hashed passwords and encrypted or unencrypted security questions and answers.
According to recent reports, the accounts were co-branded with Sky, but Yahoo UK was the data regulator, and so had responsibility for their security under the previous data protection laws.
The lengthy ICO investigation found that Yahoo UK failed to take suitable technical and organizational measures to protect the data and to ensure that it complied with data protection standards. It also failed to ensure that appropriate monitoring was in place to protect the credentials or details of Yahoo employees who had access to the customer data.
The ICO argued that these inadequacies had been present in the company for a very long period without being addressed.
James Dipple-Johnstone, the ICO deputy commissioner of operations, said that organizations need not only to shut the door but also to lock it and check the locks.
He also added that, as per the ICO's investigation, the law has completely changed. Under the new Data Protection Act and the General Data Protection Regulation Act 2018, every individual has stronger rights and more choice and control over their data. If organizations, particularly experienced, well-resourced ones, do not properly preserve their customers’ data, they might find customers taking their business elsewhere.
Last year the Department of Justice charged two Russian FSB officers and hacker-for-hire Alexsey Belan with conspiring to break into Yahoo to get information on persons of interest to the Kremlin.
In 2017, Yahoo also admitted that a previous 2013 breach, thought to have affected almost one billion accounts, had actually affected three times that amount.