Sunday 22 September 2019

Irish data police to probe Yahoo admission of 3bn email hack

The Irish data protection commissioner, Helen Dixon
The Irish data protection commissioner, Helen Dixon
Adrian Weckler

Adrian Weckler

The Irish data protection commissioner, Helen Dixon, says that her office is "determining the next steps" in investigating Yahoo.

The web company has admitted that its previous estimate of 1bn email accounts affected by a 2013 data breach undershot the mark. Instead, the company says, all 3bn Yahoo email accounts were compromised by the breach, in which names, email addresses, telephone numbers, dates of birth, hashed passwords and security questions were stolen by hackers.

"The Data Protection Commissioner was first notified by Yahoo EMEA in December 2016 of the data breach that was identified as having taken place in 2013," said Helen Dixon's office today.

"The DPC has been notified by Oath (EMEA), formerly Yahoo EMEA, of the further information that has been identified recently, relating to that same data breach incident. We are continuing to examine the facts that are being made available to us on that incident, so that we can determine next steps."

The privacy watchdog, which is Yahoo's primary data regulator in Europe because of the company's EU headquarters being located here, also has a second investigation into the web company underway.

"The DPC is at the closing stage of its investigation into the separate data breach incident that was first notified to the DPC in September 2016, identified as having taken place in 2014," said the office in a statement.

That breach is said to have affected 500m email accounts.

Yahoo's admission that its entire email database was compromised by hackers comes before strict new European rules on data protection come into force. Next May's General Data Protection Regulation (GDPR) will introduce fines up to €20m or 4pc of global annual turnover in egregious cases of data mismanagement.

Online Editors

Also in Business