Jan. 23 (UPI) -- The Securities and Exchange Commission began a probe of whether Yahoo data breaches should have been reported sooner, people familiar with the matter said.
The SEC requires companies to report cybersecurity risks as they occur, and the agency's investigation centers on whether two data breaches were adequately disclosed. Yahoo said in September a state-sponsored hack, potentially compromising the data of 500 million Yahoo customers, occurred in 2014. Yahoo has not publicly explained why it took two years to announce the issue.
Three months later the company said a separate incident in 2013 may have exposed the private information of 1 billion users.
The SEC has been seeking a case to clarify what corporate action would run afoul of guidance, issued in 2011, which requires companies to report material cybersecurity risks and incidents if investors could be affected, The Wall Street Journal reported Monday.
The two data breaches have impacted Yahoo's sale to Verizon Communications Inc., which originally paid $4.8 billion for Yahoo but seeks a $1 billion discount since the hacks were revealed, the news website Tech Crunch said.