Yahoo fined £250k over 2014 data breach
Yahoo UK has been fined £250,000 by the Information Commissioner's Office (ICO) as a result of a 2014 data breach.
According to the ICO, the data security incident, which led to the theft of the personal data of 500 million people, was a result of Yahoo's failure to adequately protect itself and its users against theft and cyber attacks. A spokesperson stated that "the inadequacies found had been in place for a long period of time without being discovered or addressed".
The ICO also found that the UK arm of Yahoo had failed to ensure its parent firm was complying with data protection requirements, and had failed in its task of monitoring the credentials of all Yahoo employees who had access to customer data.
According to the ICO, the incident in 2014 was one of a series of data breaches suffered by the company, during which cyber criminals managed to gain information such as names, phone numbers and email addresses, as well as passwords and security answers.
Commenting on the incident, the ICO confirmed that the £250,000 fine was specifically handed to the UK arm of Yahoo for its failure to protect the 515,000 UK accounts that were affected by this particular breach.
James Dipple-Johnstone, ICO deputy commissioner of operations, added that the failings identified within UK operations were not acceptable or what was expected from a company responsible for the handling of such large amounts of personal data.
"Yahoo! UK Services Ltd had ample opportunity to implement appropriate measures, and potentially stop UK citizens' data being compromised," Mr Dipple-Johnstone said.
"We accept that cyber attacks will happen and as the cyber criminals get shrewder and more determined, the protection of data becomes even more of a challenge," he added. "However, organisations must take appropriate steps to protect the data of their customers from this threat."