The UK arm of Yahoo has been fined £250,000 by the Information Commissioner’s Office (ICO) over a data breach in 2014 that affected 500 million users.
The hackers managed to access sensitive information, including names, email addresses, and security questions and answers, all because Yahoo failed to take the measures required to protect these data.
When the ICO’s investigation delved deeper, it discovered that Yahoo had failed in many areas of data protection, such as making sure its processor complied with regulation and vetting employees with access to sensitive information.
To make matters worse, this breach was not even acknowledged for two years, so measures that could prevent it from happening again were not addressed.
This is one of the largest breaches of security and personal data in history, something that the introduction of GDPR (those really annoying emails you keep getting) should go some way to helping prevent in the future.
P.S. Because the breach occurred before the introduction of GDPR, Yahoo will avoid the significantly tougher consequences and penalties that GDPR imposes. Lucky for them!