Yahoo disclosed this in November, so I’m not sure why this is suddenly getting more play. But, in case you missed . . .
The Securities and Exchange Commission is investigating the timing of Yahoo’s disclosure of the two large cyber breaches it suffered to investors, reported the Wall Street Journal. “To date, Yahoo hasn’t explained why the company took two years to disclose the 2014 incident publicly or who made the decision not to go public sooner with this information. … Legal experts say the SEC has been looking for a case to clarify what type of conduct would run afoul of guidance the agency issued in 2011. That guidance required companies to disclose material information about cybersecurity risks and cyber incidents if they determine it could affect investors. … Former SEC lawyers said the Yahoo scenario appears to provide a clearer set of circumstances than past scenarios provided.”