Corporate Directors' and Officers' Cybersecurity Standard of Care: The Yahoo Data Breach 66 American University Law Review 2016-2017

66 Am. U. L. Rev. 1231 (2016-2017)
Corporate Directors' and Officers' Cybersecurity Standard of Care: The Yahoo Data Breach

handle is hein.journals/aulr66 and id is 1275 raw text is:

CORPORATE DIRECTORS' AND OFFICERS'
CYBERSECURITY STANDARD OF CARE:
THE YAHOO DATA BREACH

IAWRENCEJ. TRAUTMAN* AND PETER C. ORMEROD**

On September 22, 2016, Yahoo! Inc. (Yahoo) announced that a data
breach and theft of information from over 500 million user accounts had
taken place during 2014, marking the largest data breach ever at the time.
The information stolen likely included names, birthdays, telephone numbers,
email addresses, hashed passwords, and, in some cases, encrypted or
unencrypted security questions and answers. Yahoo further disclosed its belief
that the stolen data did not include unprotected passwords, payment card
data, or bank account information. Just two months before Yahoo disclosed
its 2014 data breach, it announced a proposed sale of the company's core
business to Verizon Communications. Then, during mid-December 2016,
Yahoo announced that another 1 billion customer accounts had been
compromised during 2013, a new record for largest data breach.
Social media and electronic commerce websites face significant risk factors,
and an acquirer may inherit cyber liability and vulnerabilities. The fact
pattern in this announced acquisition raises a number of important corporate
governance issues: whether Yahoo's conduct leading up to the data breaches
and its subsequent conduct constituted a breach of the duty to shareholders to
provide security, the duty to monitor, the duty to disclose, or some combination
thereof the impact on Verizon shareholders of the acquisition price renegotiation
and Verizon's assumption of post-closing cyber liabilities; and whether more
drastic compensation clawbacks for key Yahoo executives would be appropriate.

* Assistant Professor of Business Law and Ethics, Western Carolina University. JD,
Oklahoma City University School of Law; MBA, The George Washington University, BA,
American University. Mr. Trautman may be contacted at
Lawrence.J.Trautman@gmail.com.
** Professor of Constitutional Law and Business Law, Western Carolina University.
JD, The George Washington University Law School; BA, The George Washington University,
magna cum laude. Mr. Ormerod may be contacted at ormerod.peter@gmail.com.

1231

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.

Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

What Is HeinOnline?

Purchase Access

Contact Us

Log In

NEED HELP?

CONTACT US

Get started

Subscribe to our Newsletter