The SEC is in the early stages of a probe into two massive cyberattacks on Yahoo! Inc.'s network, seeking to determine whether the company should have notified investors earlier about the breaches.
The investigation might focus on a 2014 data hack affecting at least 500 million user accounts, which Yahoo revealed in September 2016, The Wall Street Journal reported Jan. 22, citing people with knowledge of the matter.
In December 2016, Yahoo gave details about a separate August 2013 incident where an unauthorized third party stole personal data from more than 1 billion user accounts. Yahoo has committed to working with government authorities and forensic experts about the cybersecurity incidents.
In 2011, the SEC issued a guidance requiring companies to disclose information about cybersecurity incidents once they are found to have an effect on investors. Bringing a case against Yahoo will allow the commission to clarify the rules over the timing of the disclosures, but it is still too early to say whether the probe will lead to any public action, according to the report.
Verizon Communications Inc., which agreed to buy Yahoo's operating business for about $4.83 billion, is reportedly considering backing out of the deal or negotiating a price cut following reports about the cyberattacks.