Today, Yahoo revealed that its systems suffered a serious breach in 2014, in which data relating to over half a billion users was compromised. Yahoo said it had determined the circumstances of the breach in "a recent investigation", which it described as "ongoing" - but the company hasn't yet explained why it's taken two years for the incident to be examined, and for the details to be made public.
But the 500 million users, whose data - including names, email addresses, phone numbers, and security questions and answers - was stolen, weren't the only ones to be left in the dark.
It's now emerged that Yahoo didn't even tell Verizon about the breach until this week. Verizon agreed to buy the company's core business at the end of July in a deal worth $4.83 billion. A week later, there were already indications of a possible major data breach involving Yahoo, affecting an estimated 200 million accounts.
But today, after Yahoo confirmed that over 500 million accounts were affected by the 2014 incident, Verizon said that it had only been informed of that breach "within the last two days".
A statement from the company said:
Within the last two days, we were notified of Yahoo's security incident. We understand what Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact. We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities. Until then, we are not in [a] position to further comment.
As the statement suggests, there may be severe consequences for Yahoo after failing to inform Verizon of the breach more quickly. Verizon said that it's now evaluating its interests with regards to the Yahoo deal.
Source: Verizon / @bvar