WASHINGTON, Nov. 11 (UPI) — In September, weeks after announcing a merger with Verizon, Yahoo! announced it had just discovered a massive security breach. It turns out, however, the company was aware of an intruder to its systems, which may throw a wrench into the Verizon deal.
Yahoo! said in a Securities and Exchange Commission filing Thursday that some employees were aware of a breach in early 2014 by a “state-sponsored actor” and has launched an investigation to find out how many people knew.
The company acknowledged a breach that compromised data for 500 million accounts in September, but the revelation that it was aware of the risk of a hack or the hack itself far earlier than it admitted could cause it some problems.
In response to the disclosures — the hack itself was not revealed until after Verizon and Yahoo! closed the $4.8 billion deal — Verizon is reportedly asking for a $1 billion discount on the price it originally agreed to.
“In late July 2016, a hacker claimed to have obtained certain Yahoo user data,” the company said in the filing. “After investigating this claim with the assistance of an outside forensic expert, the Company could not substantiate the hacker’s claim. Following this investigation, the Company intensified an ongoing broader review of the Company’s network and data security, including a review of prior access to the Company’s network by a state-sponsored actor that the Company had identified in late 2014.”
Verizon’s legal team and at least one executive has said the company expected the data breach would have a “material” impact on the company’s purchase of Yahoo! — specifically that the price would go down — but that it would not kill the deal.
Jeremiah Grossman, a former Yahoo! employee and chief of security at the company SentinelOne, said the security breach is cause for concern but he does not think it will derail Verizon’s acquisition of the internet services company.
“For publicly traded companies, it’s far less risky, liability wise, to overstate risks than under report,” Grossman told NBC News. “My thoughts: The acquisition will still go through. I don’t recall any active acquisition ever that was scrapped due to a breach or any computer security concerns.”