Data theft may be an increasingly common occurrence on the internet. But even in these desensitised times, few breaches can match the one revealed by Yahoo on Thursday, when it announced the theft of personal information belonging to 500m users dating from 2014.
The sheer scale of the infraction begs a host of questions about the company’s management and whether it took enough care of its customers’ personal data. It also raises questions about public disclosure and issues over the future, or at least the price, of Yahoo’s $4.8bn sale to Verizon.
In recent years, there has been a rising number of cyber breaches affecting companies and millions of users. What is both striking and unnerving about the Yahoo case is that it went apparently undetected for two years. The company’s claim that no high-value information such as credit card data were extracted is a cold comfort, and one that does nothing to excuse Yahoo for its failure to notice the cyber incursion. Nor is it enough for the company to claim that the fact its attackers were state sponsored absolves them from spotting the tracks.