The United States Securities and Exchange Commission have launch an investigation regarding a previously reported breach of Yahoo's company servers. The SEC is working on the allegation that whether Yahoo should have reported two massive data breaches to investors.
In November 2016, Yahoo said in its quarter filing that the company is cooperating with various federal, state, and foreign agencies in their efforts to thwart the data perpetrators of the data breaches. Yahoo have faced questions whether the company have important information regarding the attacks on its servers that have exposed sensitive email and user information of more than half a billion accounts.
In December 2016, Yahoo reported that the company have discovered another massive cyber intrusion that happened in August 2013 that may have compromised more than one billion of its users' account information. Closely following this, the SEC asked the tech company to provide necessary documents in order to prove whether it had complied with civil security laws
In a statement acquired by ZDNet, Yahoo said, "Based on ongoing investigation, the company believes an unauthorized third party accessed the company's proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used."
Current security industry rules require companies to disclose any cyber-attack or breaches to investors. It is also important to note that the SEC has a guideline in terms of server intrusions when it comes to publicly traded companies like Yahoo.
In September 2016, U.S. Democratic Senator Mark Warner asked the SEC to investigate whether Yahoo, along with its senior executives, have made the necessary move to inform investors and the public about the hacking attacks. Yahoo disclosed the hacking attacks after the company agreed to sell its main business to Verizon Communications in July 2016, according to Reuters.