Yahoo Is Under Scrutiny for Delaying Disclosure of Its Massive Data Breach

The SEC is reportedly investigating

Just like consumers' data histories never fully disappear, the same goes for companies and their data woes.

The Securities and Exchange Commission is reportedly investigating whether Yahoo's decision to delay disclosure of its massive data security breaches last year complied with civil securities laws. According to a report in The Wall Street Journal, the investigation centers on whether the tech company let investors know soon enough after learning of being hacked.

According to the Journal, the investigation is focused on a breach in 2014, when at least 500 million users' profiles were compromised. However, the breach wasn't disclosed until nearly two years later, when in September 2016 the company admitted to being attacked by what some say were state-sponsored hackers. Then in December, Yahoo admitted that another 1 billion accounts were hacked all the way back in 2013.

A Yahoo spokesperson declined to comment on the investigation and referred Adweek to the Form 10-Q filed by the company in November. According to the filing, Yahoo said it is "cooperating with federal, state and foreign governmental officials and agencies seeking information and/or documents about the security incident and related matters."

The report comes on the same day that Yahoo is expected to report its fourth-quarter earnings, potentially the last time it'll do so before Verizon officially closes its acquisition of the company since first announcing it in July. Some people have wondered whether the data breach could affect the sale of the company. However, at Business Insider's Ignition conference in New York last month, Tim Armstrong, CEO of Yahoo's potential future sister company AOL, said he was "cautiously optimistic" everything would go through.