Emerging Markets Law

Yahoo Breach and Data/Information Security

The massive breach of accounts at Yahoo revealed on September 22, 2016, brings several thoughts to mind:

  • The purchase of Yahoo by Verizon Wireless has not yet closed. Any companies undergoing diligence on the M&A front should account for this kind of issue (Yahoo's breach occurred several years ago) as part of the value and process of the transaction.
  • Anyone can get hit. Yahoo is a juicy target because it is so massive. Most small-company problems aren't due to targeting, though: they are due to internal actors. Sometimes it is negligence and sometimes it is malfeasance... but it is almost always employees who cause leaks and incidents. 
  • Even a small incident causes business disruption and unnecessary cost. Finding ways to prevent or minimize issues before they happen is prudent for most companies.     
  • Planning ahead for a problem is the best defense most companies can have, both practically speaking and as a legal matter. Training, awareness, and employee policies can go a long way toward sealing gaps, since many issues relate to human behavior rather than to hacking. Carrying a cyber policy can also be helpful.

An ounce of prevention is said to be worth a pound of cure. Not every incident can be prevented, especially malicious ones. Building in some prevention, however, is a priceless investment for most small companies. Your lawyer can help you sort through which measures make the most sense based on your company's size, resources, and risk profile. 

Stay Connected

Subscribe to blog updates via email