About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline

66 Am. U. L. Rev. 1231 (2016-2017)
Corporate Directors' and Officers' Cybersecurity Standard of Care: The Yahoo Data Breach

handle is hein.journals/aulr66 and id is 1275 raw text is: 








  CORPORATE DIRECTORS' AND OFFICERS'
     CYBERSECURITY STANDARD OF CARE:
             THE YAHOO DATA BREACH


          IAWRENCEJ.   TRAUTMAN* AND PETER C. ORMEROD**


   On  September 22, 2016, Yahoo! Inc. (Yahoo) announced   that a data
breach and  theft of information from over 500 million user accounts had
taken place during 2014,  marking the largest data breach ever at the time.
The  information stolen likely included names, birthdays, telephone numbers,
email  addresses, hashed passwords,  and,  in  some  cases, encrypted or
unencrypted security questions and answers. Yahoo further disclosed its belief
that the stolen data did not include unprotected passwords, payment card
data, or bank account information. Just two months before Yahoo disclosed
its 2014  data breach, it announced a proposed sale of the company's core
business to Verizon Communications. Then, during mid-December 2016,
Yahoo   announced   that another 1  billion customer accounts  had  been
compromised  during 2013, a new record for largest data breach.
   Social media and electronic commerce websites face significant risk factors,
and  an  acquirer may inherit cyber liability and vulnerabilities. The fact
pattern in this announced acquisition raises a number of important corporate
governance issues: whether Yahoo's conduct leading up to the data breaches
and  its subsequent conduct constituted a breach of the duty to shareholders to
provide security, the duty to monitor, the duty to disclose, or some combination
thereof the impact on Verizon shareholders of the acquisition price renegotiation
and  Verizon's assumption of post-closing cyber liabilities; and whether more
drastic compensation clawbacks for key Yahoo executives would be appropriate.

    *  Assistant Professor of Business Law and Ethics, Western Carolina University. JD,
 Oklahoma City University School of Law; MBA, The George Washington University, BA,
 American  University.     Mr.   Trautman    may    be    contacted   at
 Lawrence.J.Trautman@gmail.com.
   **  Professor of Constitutional Law and Business Law, Western Carolina University.
JD, The George Washington University Law School; BA, The George Washington University,
magna cum laude. Mr. Ormerod may be contacted at ormerod.peter@gmail.com.


1231

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Contact us for annual subscription options:

Already a HeinOnline Subscriber?

profiles profiles most