Yahoo recently disclosed that about a billion accounts had been hacked in a hacking attack that happened over three years ago. What is more of a concern to most customers is how long it took Yahoo to disclose this horrible truth to their customers. Most customers question why it should take a Company that long to disclose this vital security info to its customers considering that it's their personal details at risk.
According to Washington Post, This is not the first-time Yahoo has lost the war against hackers which leads us to question whether individuals should keep trusting them considering that their identity info is at stake. Yahoo's chief information security officer Bob Lord in a blog post wrote that it was Law Enforcement that informed them of the attacked that a third party possessed claiming that it was Yahoo's user data.
Further investigation proved that the data was indeed Yahoo's user data and that the company had been hacked around 2013 and didn't realize that until November 7th this Year. Another concern is the laws surrounding online Hacks reporting. These laws enacted by the US government are currently a major contributing factor to the delay of information to the public when a company is hacked.
These laws also vary with the state on how the hacking information or report is given to the public, when and to whom judging whether or not the information leaked may put the victim/victims at risk. Also, there is no law that requires a company to inform the public once it recognizes that it has been attacked. This is a major concern for most people and many doubts whether or not the government is taking this seriously.
Reported by Theconversation, even though Yahoo claimed that it believes the successful hack attempt was from a national government, the company hasn't proved this statement with any evidence on what country it originates from.
It is sad that a company that holds a lot of personal information on individuals could be hacked and not realize or inform its customers for such a long time. Hopefully, the company will find a way to reclaim the trust that it's users once had on the security of both their personal and financial data.