Yahoo Pays Steep Price for Data Breaches


By: Kacie L. Manisco

In the wake of Yahoo’s disclosure of two massive data breaches last year, Yahoo and Verizon have finally confirmed that the search giant’s acquisition by Verizon will move forward – but at a steep price for Yahoo. Verizon will now pay $350 million less than its original offer.

The acquisition, which was first announced in July 2016, has been stalled as the companies assess the impact of the two Yahoo data breaches. The first breach, disclosed in September 2016, affected around 500 million accounts, and the second, disclosed in December 2016, affected over 1 billion accounts. These breaches raised uncertainty as to whether Verizon would follow through with the acquisition. Verizon, however, announced this week that it will push ahead. According to Verizon Executive Vice President Marni Walden, “we have always believed this acquisition makes strategic sense.” The deal, now valued at $4.48 billion, is expected to close in the second quarter of 2017.

But, Verizon executives also believe that breach-related costs will continue to mount. Accordingly, the revised acquisition terms call for the two companies to equally share any future legal costs resulting from the data breaches. Yahoo, however – which did not carry cybersecurity insurance –  will be solely responsible for liabilities stemming from SEC investigations and shareholder lawsuits.

The SEC is currently investigating whether the two breaches should have been disclosed sooner to the victims, and whether Yahoo violated securities laws by not providing breach-related documents to the agency. Further, according to an earnings report filed in November 2016, Yahoo faces 23 putative class-action lawsuits in U.S. federal and state courts, just for the September breach alone.

This acquisition has become a cautionary tale about the long-term impact security breaches may have on businesses and big-business deals alike.  All of this underscores the importance of working with experienced legal counsel to properly respond to a data breach when it occurs and being proactive before a breach occurs to review your data security policies and practices, as well as your incident response procedure, to make sure you are well-positioned to protected against and respond to a data breach. Please contact FMG’s Data Security, Privacy, and Cyber Liability team to discuss further the steps you can take to protect yourself and your business.