Yahoo coughed up as much as $16 million to conduct investigations and pay legal fees in Q1 2017 following its disclosure of a massive data breach which compromised over 1 billion user accounts.
The legal costs of the 2014 data breach suggest how expensive cyber-attacks can be for companies which didn’t implement strong cyber-security practices.
While $5 million was spent on forensic investigation, legal fees amounted to $11 million in the first quarter following a series of legal actions initiated against the company by investors. Most of the cases revolved around the fact that Yahoo didn’t disclose the 2013 data breach to investors until the fall of 2016.
The legal fees incurred by Yahoo are insignificant compared to the financial damage caused to UK businesses by cyber-attacks and data breach incidents. A research conducted by Oxford Economics and commissioned by cyber security experts CGI revealed that FTSE organisations lose, on an average, £120 million more from data breaches.
The report added that monetary loss to investors as a result of sustained ‘severe’ and ‘catastrophic’ breaches are as high as £42bn, and that an average of 1.8 per cent is wiped off share prices of all listed companies following cyber-attacks and data breaches.
The 2013 data breach took away over a billion users’ names, email addresses, phone numbers, dates of birth and hashed passwords. As per Yahoo, the data breach also took away “encrypted or unencrypted security questions and answers”, and the company alleged that the cyber-attack was state-sponsored.
The gigantic hack was followed by another one in 2014 which compromised another 500 million user accounts. In August of last year, a hacker put up 200 million Yahoo users’ accounts for sale on the Dark Web for three Bitcoins (£1,370). Yahoo has since invested in detailed forensic investigation to detect the data breach and to ensure that user accounts are no longer compromised.