ATLANTA, Ga – In the aftermath of last week’s news that two Russian agents and two hackers have been charged in a massive Yahoo data breach, the real news is behind the headlines, according to an Atlanta expert.
“The real news is Yahoo’s failure to act in a timely manner,” said David Barton, managing director with UHYAdvisors. “Now, they’re facing 43 class-action lawsuits, four stockholder derivative action, one stockholder class-action suit, and an FCC investigation on top of that.”
Federal prosecutors alleged the suspects hacked into Yahoo systems to "steal information from about 500 million accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers."
This marks the first time the U.S. government has issued criminal charges against Russian officials for cyber attacks.
“It’d be a good idea for any publicly traded Atlanta company, like Delta and Coca-Cola for example, to take a good, hard look at their incident-response plans and make sure they know how to handle a breach,” Barton said. “Yahoo didn’t address this breach in a timely manner.”
Yahoo said when it revealed the security breach in September that it believed the attack was state-sponsored. It disclosed a second security breach in December that was even larger than the first, affecting approximately one billion Yahoo accounts. That breach has not been connected to the first.
The two officers of the FSB, Russia's Federal Security Service, Dmitry Dokuchaev and Igor Sushchin, allegedly paid hackers to break into Yahoo's systems as part of an intelligence collection operation and for-profit scheme to "line the pockets" of all involved, federal prosecutors alleged.
“The hackers were able to get the code that actually controlled the cookies used in the breach,” Barton said. “From a consumer’s standpoint, there’s not much you can do to safeguard against that, but it all goes back to the faulty manner in which Yahoo dealt with this.”
Yahoo, which is selling its core Internet business to Verizon, has paid a heavy price for the security breaches. Verizon negotiated a price discount, trimming $350 million from the acquisition of Yahoo for a total of $4.48 billion.
And the two companies will share some legal and regulatory liabilities arising from the breaches. The acquisition is expected to close in the second quarter.