back to article UK! watchdog! slaps! Yahoo! with! £250k! fine! for! 2014! data! breach!

Yahoo!'s UK limb has finally been handed a £250,000 fine for the 2014 cyber attack that exposed data of half a million Brit users. Russian hackers broke into Yahoo!'s servers and slurped info on circa 500 million international account holders, including names, email addresses, phone numbers, birthdates, hashed passwords and …

  1. }{amis}{

    Wow! I! feel! valued!

    <sarcasm>50p per person screwed over I am sure this will be a massive deterrent to future corporate a%&£$@~s</sarcasm>

    1. Anonymous Coward
      Anonymous Coward

      Re: Wow! I! feel! valued!

      Do feel valued as Ireland levied zero! What did Helen Dixon and her merry band of lite-touch regulators do instead? They did what paper-pushers do, they wrote a report! Covering up breaches, just the cost of doing business. This is what happens when Irish politicians bend-over for US Tech Giants. GDPR, bring us justice:

  2. This post has been deleted by its author

  3. Anonymous South African Coward

    No doubt some beancountery type will be going Yahoo! at this news....

  4. 0laf

    Not even half of what could have been demanded

    1. Cuddles

      "Not even half of what could have been demanded"

      It's exactly half of what could have been demanded.

  5. Doctor Syntax Silver badge

    Given the multiple failures here, including the long delay, this really was a case for a maximum fine if only to signal intentions about dealing with similarly egregious failings under GDPR.

  6. Count<<( Rand() username)

    A lesson for investors

    To think: Marni Walden believed she had earned Verizon's CEO position for buying this piece of junk. This was an entity which, minus it's stake in Alibaba, had been given a negative valuation by the investment banks. Only in the topsy-turvy world of Telecom.

    But...but...we need to give Telcos the right to prioritize our Internet traffic because they are so "innovative."

  7. Halfmad

    They'll never levy a maximum penalty

    They seem to think they need to build up to it, that it needs to be REALLY heinous to justify it. They should be counting down FROM the maximum when deciding penalties. What companies did prior, during and after a breach, what efforts to inform were made, justifications and documentation made etc.

    If Yahoo isn't a maximum breach given the number of people involved, then what the hell is ICO?

    1. Doctor Syntax Silver badge

      Re: They'll never levy a maximum penalty

      "If Yahoo isn't a maximum breach given the number of people involved"

      It's not just the number of people, it's the length of time they sat on the breach before reporting. That's the sort of thing that lifts fines into the higher tier under GDPR.

      1. Dabooka

        Re: They'll never levy a maximum penalty

        It does make you wonder what other forces was at play here.

        Yes it's easy to believe that this was exec dithering and cover up, but it doesn't rule out the fact they may have been coerced by some government types from over the pond to keep quiet, while they did what they did with the Ruskies.

        Not suggesting that it makes it okay and it's still us consumers that bear the brunt of it, I'm just postulating we don't know what we don't know.

  8. Dave 15

    50p each

    That will have yahoo really quaking in their boots, all the other big players are rushing around like blue arsed flies making sure they dont get hacked, such a huge fine must come close to putting them out of business (oops, sorry, think the sarcasm is a bit in over drive)

  9. Anonymous Coward
    Anonymous Coward

    Where do I claim my £0.50 from given BT email (run by Yahoo) was hacked

    So the password they got allowed them access to my BT account too.

    This is fuck all deterrent, and why firms don't spend money on IT or Security.

    1. FlamingDeath Silver badge

      Re: Where do I claim my £0.50 from given BT email (run by Yahoo) was hacked

      The hackers were also able to forge their own authentication cookies, changing your password was pointless, although still recommended, obviously

      The ICO are a shower of weak c*nts

      That £250,000 will just go to ICO executives bonuses, we all know this

  10. Lost in Cyberspace

    How do I claim?

    I lost a few novice-user customers over this... as someone who deals with consumer PC repairs, no amount of password / security resets could keep the Yahoo / BT accounts secure. BT kept saying it must be a virus on the computer, and 'the technician' (me) needed to take yet another look at the PC as it must be infected. (Nope, completely clear).

    Guess who the consumer tends to believe.

    And there's only so many times that you can charge a customer, or do it for 'free' before someone says enough is enough.

  11. FlamingDeath Silver badge

    I implore you all to...

    Get in contact with the ICO, and ask difficult questions about why this fine was so pathetically low and what happens to the money, how will it be distributed to those who were actually affected

    Even if it is just £0.50 per person, make them answer those questions, make them realise that real lives are affected by this fucking BS, because I dont think the ICO understands the seriousness of this, if they did, they wouldnt have been so weak in their actions

  12. Aodhhan

    Laughing!! !! !!

    What a small fine considering the damage.

    From a risk management perspective, it's cheaper to receive a fine from the EU than it is to integrate defense-in-depth measures on your commercial systems.

    GDPR is great, but it still doesn't put enough responsibility on cloud service providers or 3rd party application vendors. You know, those with the most expertise who employ the least amount of people.

    It's one of those political things which sounds good, but if you send enough money to us in Brussels, we'll ensure your fine isn't damaging; and we'll put the blame on the regular joe type company which employs 80% of the population.

    I still don't get why the EU is still together. Sure, it makes a boat load of money for the elite and wealthy, but the average individual gets hosed over many times. Whenever rich and powerful people are for something... the rest of us should be very scared.

    1. Anonymous Coward
      Anonymous Coward

      Re: Laughing!! !! !!

      Errrrr.... last time I looked, the ICO was a UK body. Nothing to do with the EU.

      Could you take your Brexit issues to another thread? Plenty of them tailor-made just for that.

  13. harrihasler

    Please stop

    with the annoying exclamation marks in ever title referring to yahoo.

    It's very difficult to read that way and is not funny.

    1. Sam Therapy

      Re: Please stop

      You're! A! Miserable! Bugger! Ain't! You!?

  14. handleoclast

    Early payment discount

    They should probably also take advantage of the direct debit discount, since they'll probably be paying fines on a regular basis.

    Whaddaya mean there's no direct debit discount? My gas supplier offers me a discount for immediate payment and an even bigger discount if I let them take money out of my bank by direct debit (which I refuse to do, I'd need a much healther standing balance to risk that).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like