Yahoo and Verizon have agreed to reduce the price of the acquisition deal by $350 million in the wake of two massive cyberattacks, the largest in history, exposing more than a billion accounts.
The companies said Tuesday that Verizon will pay less for Yahoo’s operating business as a result of the two hacks, and both companies will share some legal and regulatory liabilities.
The deal, now valued at about $4.48 billion in cash, is expected to close in the second quarter.
That $350 million may seem like a lot. On the face of it, compared to similar data breaches, it’s the largest financial ding we could find, not including state or federal fines (which are rare anyway).
Yahoo’s price reduction accounts for about $1.55 per Yahoo Mail customer — roughly 225 million users as of February.
Or, looking at it another way, the figure accounts for roughly $0.35 for all of the historical billion customers, many of which have long since left the service.
Yahoo’s $1.55 may not seem much for what was in some cases passwordless access to email accounts, though it’s still early days, given that companies take out cybersecurity insurance but also may face class action suits, and other civil and criminal financial penalties.
By comparison, Target was forced to pay about $162 million — or roughly $4.05 per victim — following a cyberattack that exposed over 40 million credit cards.
Target’s former chief executive Gregg Steinhafel resigned following the hack.
Home Depot, which was hit by a similar heist of 50 million credit cards, paid about $62 million in 2014 — or about $1.24 per customer — but about half of that was covered by insurance.
The other way to look at it is that in terms of Target’s and Home Depot’s sales, their payouts were less than 0.1 percent of their respective annual sales for the years of their breaches, according to analysis.
The math is fairly simple. The cost of data breaches is usually pocket change to the companies, and it’s an easier sell at the executive board compared to burgeoning costs of security improvements.
Source: SANS ISC SecNewsFeed @ February 21, 2017 at 08:27AM