Irish data regulator steps up Yahoo hack probe, waits on email scanning
Ireland's Data Protection Commissioner (DPC) said it had stepped up its examination of the theft of user information for 500 million Yahoo accounts and that it was awaiting information from Yahoo on allegations it helped the US government scan users' emails.
Yahoo revealed in September that hackers had stolen the data in 2014. US politicians have criticised the delay in notifying customers.
In October, sources told Reuters that Yahoo used a software programme to sift through millions of emails for specific information related to national security.
Yahoo said there was not yet a formal investigation into the hacking of user data.
"They are not actively investigating," spokesman Charles Stewart said.
"They are examining. There is a distinction for them between examining and investigating," he added
DPC spokeswoman MB Donnelly said the DPC had moved on from its initial steps of making preliminary inquiries to trying to ascertain whether EU laws may have been broken.
"We are in regular contact with Yahoo EMEA (Europe, Middle East and Africa) in clarifying certain facts of this case and will then proceed to take appropriate next steps," she said in a statement.
The DPC is the lead European regulator on privacy issues for Yahoo because the company's European headquarters are in Dublin.
Donnelly said the probe of the email scanning programme was at its early stages.
"Regarding the allegations of email scanning, our position remains that we have made initial enquiries with Yahoo and that we are continuing with our preliminary assessment of the matter," she said in an emailed statement.
The DPC declined to say if it had received any information from Yahoo about the incident.
Stewart said the DPC had indicated to Yahoo that it was not examining the email scanning programme.
“Based on what I have heard from them and read, they are not, but I can’t confirm that,” he told Reuters.
The DPC declined to comment on this remark.
Yahoo is precluded by law from publishing details of the surveillance order the company had received from the US authorities.
Last month the company asked US Director of National Intelligence James Clapper to declassify the order so it could provide users with more information.