Verizon Communications’ top lawyer said the Yahoo disclosure last month that info on more than 500 million email accounts was stolen by hackers represents a “material” event and that the breach could lead to the telco abandoning its proposed $4.8 billion takeover of the flagging internet company’s core businesses.
“I think we have a reasonable basis to believe right now that the impact is material and we’re looking to Yahoo to demonstrate to us the full impact,” Craig Silliman, Verizon’s general counsel and executive VP of public policy, told reporters Thursday in Washington, D.C., according to Reuters. “If they believe that it’s not, then they’ll need to show us that.”
Analysts don’t expect Verizon to pull the plug on the Yahoo deal but said the hacking disclosure might lead it to renegotiate the financial terms.
Asked to comment, a Yahoo rep said, “We are confident in Yahoo’s value and we continue to work towards integration with Verizon.”
After Yahoo announced the user-info breach on Sept. 22, Verizon said that it had only been informed of the scope of the breach two days prior. In a Sept. 27 letter to Yahoo CEO Marissa Mayer, six U.S. senators demanded answers about the hack and why the company failed to report the incident until two years after it occurred.
In the wake of the disclosure, Verizon has been seeking to trim $1 billion off the price tag of its proposed deal for Yahoo, the New York Post reported last week. Silliman declined to discuss whether Verizon was negotiating a lower price.
Yahoo reached a deal in July to sell its core web businesses to Verizon for $4.8 billion, plus an estimated $1.1 billion in payments for restricted stock at closing. The telco sees synergies in combining Yahoo with AOL (which it bought for $4.4 billion last year) to achieve greater audience and advertising scale.
Then, two months later, Yahoo said a “state-sponsored actor” broke in its network in late 2014 and stole usernames, hashed passwords, and other personal info for at least 500 million accounts worldwide.
The disclosure of the massive two-year-old security breach has raised questions about when Yahoo knew about the hack and the nature of its severity. In a Sept. 9 proxy statement, Yahoo said it was not aware of any security breaches. That was after Yahoo had acknowledged in early August that it was investigating a report that a Russian cybercriminal was advertising the sale of 200 million Yahoo user accounts in a black-market online forum, as first reported by Vice’s Motherboard.
Meanwhile, Yahoo’s reputation took another hit after a Reuters report that the internet company had set up a system to secretly scan hundreds of millions of Yahoo email accounts at the request of either the NSA or FBI. Yahoo denied that such an email-scanning system exists and said, “We narrowly interpret every government request for user data to minimize disclosure.”
Yahoo has advised users to change their passwords if they haven’t done so since 2014, but many users are choosing to delete their accounts. However, the company’s email service disabled automatic email forwarding at the beginning of October, making it difficult for users to switch to another service, as first reported by the Associated Press. Yahoo says it is working to restore the feature.
Verizon’s deal for Yahoo has been approved by the Federal Trade Commission, according to Silliman, but the transaction is awaiting approval from the European Commission and the U.S. Securities and Exchange Commission. Previously, the companies had said they expect the deal to close in the first quarter of 2017.
Yahoo has enlisted New York-based communications firm Joel Frank, which specializes in crisis PR, in dealing with the aftermath of the hack coming to light. The breach is the single biggest exposure of user data to date, and Yahoo’s costs associated with the incident could run into the tens of millions of dollars, according to security experts.