Following the 2014 data breach that left some 500 million users affected, the company formerly known as Yahoo has agreed to pay a $35 million penalty to settle charges that it misled investors for failing to disclose the breach. The Securities and Exchange Commission states that Yahoo's security knew about the attack within days, but failed to disclose it until more than 2 years later. I wonder how much the fine will be for the 2013 attack that wasn't disclosed until 2016 where 1 billion accounts were compromised, making it the largest security breach in history. At least the fine was more than the CEO got paid for getting fired over it. I'd guess that Verizon is having $4.48 billion in buyers remorse since no one has even heard of "Altaba" Thanks to cageymaru for the story. “We do not second-guess good faith exercises of judgment about cyber-incident disclosure. But we have also cautioned that a company’s response to such an event could be so lacking that an enforcement action would be warranted. This is clearly such a case,” said Steven Peikin, Co-Director of the SEC Enforcement Division.