The Securities and Exchange Commission announced an unprecedented $35 million cybersecurity penalty last week against Altaba Inc., putting other publicly traded companies on notice.
The financial regulator claimed Altaba, formerly known as Yahoo Inc., brushed a “massive” 2014 cybersecurity breach under the rug, keeping investors in the dark for two years about a hack affecting hundreds of millions of its users.
The fine adds teeth to recent SEC guidance on cybersecurity disclosure, experts say (Energywire, Feb. 22).
“Everybody was waiting on the SEC to drop the hammer,” said Patrick Miller, managing partner at Archer Energy Solutions. “Anybody that doesn’t disclose what could potentially be a market-swinging data breach is going to have similar problems.”
Miller said he expects the first-of-its-kind penalty to reverberate among large electricity companies. “They’re bound by the SEC like anyone [investor-owned] is, whether they’re selling sneakers or electrons.”
Advertisement
The Yahoo data breach — really a series of cyber intrusions dating back to at least 2014 — ranks among the largest in history, affecting 3 billion accounts at the former tech giant….
