According to LegalTechNews. com and the Wall Street Journal, the Securities and Exchange Commission (SEC) is investigating whether Yahoo Inc. should have disclosed its data breaches to investors earlier. Any resulting penalties would be the agency's first ever for such a charge.
The SEC is checking whether Yahoo broke securities laws when it waited until 2016 to disclose the two breaches, which together compromised the data of more than a billion users. The incidents occurred in August 2013 and in late 2014.
Last September, U.S. Sen. Mark Warner (D-Va.) wrote to former SEC Chair Mary Jo White asking her to investigate.
Robert Cattanach of Dorsey & Whitney in Minneapolis, which represents companies in cybersecurity matters, said it can take weeks or months to gather enough information about a breach and the data that was compromised to disclose an incident accurately.
"I can promise you that there are so many different open questions when you are in the middle of one of these [data breaches], your head is just swimming," he said. "So the fact that [Yahoo]...