Yahoo is now facing a lawsuit from a New York man, Ronald Schwartz, over the 2014 data breach whereby 500 million users (at least) have been compromised. The company has been accused of gross negligence and the lawsuit is on behalf of those people affected in the United States.
Compensation (for 'unspecified damages') is being sought for “reckless disregard for the security of its users’ personal information that it promised to protect”.
This is a bitter blow to the company which has already had a hard time maintaining confidence in recent years despite various CEO's being brought in to try and save the demise of the one-time paragon company.
Last week, Yahoo's blockbuster announcement that 500 million account details were stolen in what it described as a "state sponsored attack" was met with alarm by both the public and by the US senate as well.
Marissa Mayer (The current CEO) had failed to turn the company around (despite various initiatives and acquisitions) and so the decision was made to sell the core business to web giant Verizon for $4.83 billion in July. This deal, which had not been finalised, could now be less certain given the latest bombshell, not least of which is the public outcry at Yahoo's apparent lack of regard towards security.
There are reports that Yahoo knew about the issue well before the deal was brokered to Verizon, prompting calls for a formal investigation.
What Does This Mean For Your Business?
Whilst there are a number of issues of concern here, the salient points that can be drawn are that even blue-chip household names like Yahoo can be hacked and have your details exposed.
Moreover, it seems that (incredibly) these leviathan corporations can - and do - report their breaches well after the event, wittingly or otherwise.
This means that you may have been compromised and not know it until months (or even years) after the event which just goes to show that regularly updating passwords and maintaining a disaster recovery plan are essential, at the very least.
Maintaining an evolving security schedule/policy is essential and all staff or persons with access to your online data need to be regularly trained and updated.