Yahoo’s board said it would not pay an annual bonus to CEO Marissa Mayer for 2016 — citing the theft of info on hundreds of millions of user accounts that happened on her watch — while general counsel Ron Bell has resigned.
The disclosure last year by Yahoo of two massive user-data breaches that occurred in 2013 and 2014 led Verizon to lop $350 million from the purchase price for Yahoo’s internet businesses, lowering the value of the deal to about $4.48 billion in cash. The deal is expected to close in the second quarter of 2017.
In a 10-K filing Wednesday with the SEC, Yahoo said that in addition to not paying Mayer a cash bonus for 2016 that was otherwise expected to be paid to her, she offered to forgo any 2017 annual equity award.
Bell resigned effective March 1, and “no payments are being made to Mr. Bell in connection with his resignation,” Yahoo said. The board’s independent committee investigating the hacks said it found that “the relevant legal team had sufficient information to warrant substantial further inquiry in 2014 [with the initial discovery of 26 compromised user accounts], and they did not sufficiently pursue it.”
Mayer, in a post Wednesday on Yahoo’s Tumblr, attempted to convey her responsibility for the hacks.
“When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies,” Mayer wrote. “However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016.”
Yahoo’s unprecedented data thefts had threatened to derail the Verizon deal. In September, Yahoo announced that information on at least 500 million email accounts was stolen by “state-sponsored” hackers in 2014. Then in December Yahoo said data from more than 1 billion user accounts was stolen by an unknown party in 2013.
Mayer’s annual base salary is $1 million. Yahoo hasn’t disclosed what her bonus last year would have been or the value of the 2017 stock grants she’s giving up, but for 2015 about 89% of her realized compensation was equity. As of Aug. 25, 2016, Mayer held Yahoo stock options and restricted stock units valued at $86.4 million, according to a company SEC filing.
In 2015, Mayer received a total compensation package worth $13.9 million, which included $12.4 million in stock grants and options, security services for which the company paid $544,061 and a bonus of $1,125 for being among the inventors named in a pending patent application. (Her actual pay package was less than the $36 million reported for accounting purposes because of a decline in the value of Yahoo’s stock.)
Once the Verizon deal closes, Yahoo will rename itself “Altaba Inc.,” and Mayer will resign from Altaba’s board along with six other current Yahoo board members. The new Altaba will primarily be an investment-holding company whose major asset will be shares of China’s Alibaba Group.
Mayer will join Verizon for at least an interim transition period after the transaction is final. Analysts expect AOL CEO Tim Armstrong to assume oversight of the combined AOL-Yahoo group.
Under the revised terms of Verizon’s acquisition of Yahoo’s operating businesses, Altaba will be responsible for 50% of any cash liabilities incurred following the closing related to non-SEC government investigations and third-party litigation related to the breaches. Liabilities arising from shareholder lawsuits and SEC investigations will continue to be the full responsibility of Altaba.
Yahoo, in the 10-K filing Wednesday, said it recorded expenses of $16 million related to the security incidents for 2016, comprising $11 million in legal costs and $5 million associated with “ongoing forensic investigation and remediation activities.” Yahoo said it expects “to continue to incur investigation, remediation, legal and other expenses associated with the Security Incidents in the foreseeable future,” adding that it does not have cybersecurity liability insurance.