According to a March 1 filing with the U.S. Securities and Exchange Commission, Yahoo Inc.’s General Counsel Ron Bell has resigned from his post. The filing comes after the conclusion of an internal investigation, led by an independent committee of Yahoo’s board of directors, into the company’s 2014 data breach, as well as several other large data breaches. The 2014 data breach was disclosed to the public in September 2016 and that breach, as well as a wave of other breaches that soon followed, ultimately compromised the data of at least 500 million user accounts. These breaches had large-scale implications for Verizon Communications, Inc.’s planned acquisition of Yahoo’s core business. Read more here.
According to the filing, the investigation concluded that Yahoo’s legal department failed to appropriately respond to information it became aware of prior to the data breaches. “[T]he Committee found that the relevant legal team had sufficient information to warrant substantial further inquiry in 2014, and they did not sufficiently pursue it. As a result, the 2014 Security Incident was not properly investigated and analyzed at the time, and the Company was not adequately advised with respect to the legal and business risks associated with the 2014 Security Incident,” Yahoo said in the filing.
Bell received no severance package as part of his resignation.In the wake of the filing, Yahoo’s CEO Marissa Mayer announced her decision to forgo her cash bonus for 2016 and her 2017 annual equity. Mayer’s annual target bonus is $2 million yearly and her annual equity award is no less than $12 million. The filing also disclosed that 43 class action suits are currently in litigation in connection with the breaches.
All companies, whether big or small, would be wise to heed the warning here—do not ignore the signs of a data breach. It’s better to investigate a potential data breach than deal with the fallout from a data breach that could have been minimized, or even prevented.