Web service provider Yahoo has been fined £250,000 by the Information Commissioner’s Office (ICO) after it failed to prevent a 2014 Russia-sponsored hack.
With over half a million email accounts compromised, the personal data of 500 million user accounts worldwide were affected, something which was only revealed in 2016.
Following an investigation carried out under the Data Protection Act 1998, the watchdog said that the internet firm had “failed to prevent” the attack and that appropriate measures were not taken.
James Dipple-Johnstone, the ICO’s deputy operations commissioner, said: “The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised.”
Since the breach, Yahoo has been acquired by Verizon following a merger with fellow original internet firm AOL.
Dipple-Johnstone continued: “We accept that cyber-attacks will happen and as the cybercriminals get shrewder and more determined, the protection of data becomes even more of a challenge.”
He also stated that the appropriate steps must be taken to protect customer data. Although the breach is particularly large, Yahoo suffered a similar breach in 2013 that affected over 1 billion accounts, which was also revealed in 2016.