An update regarding the internal, independent board committee investigation of two massive Yahoo hacks, released yesterday along with a 10-K financial filing for the company for 2016, reveal a little more about who knew what and when concerning data breaches. The documents also display, according to the Associated Press, a company punishing its CEO, Marissa Mayer, for her role handling the damaging hacks.
Although the two hacks were carried out by an unnamed foreign state in 2013, they were revealed in their full scope to the public only as recently as last year, as the company sought to sell itself to Verizon. The Chronicle summarizes the report, which now claims that Yahoo senior executives and the company's legal team were aware of at least one 2013 hack as soon as a year after it took place, and though they “had sufficient information to warrant substantial further inquiry in 2014... they did not pursue it.” Calling out Yahoo's legal department, the report claims that the incident "was not properly investigated and analyzed at the time."
The fallout for Mayer, who is still at the helm of the company and will presumably remain so until such time as the sale to Verizon goes through, is a more financial insult than blow. She's being denied an annual bonus, which could be as much as $2 million, and a stock award worth millions more — but with a net worth of more than $400 million, she's expected to survive.
"When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies." Mayer wrote on her Tumblr blog, implying that, even if she knew of a hack in 2014, she wasn't or couldn't have been aware of its scope. "However, I am the CEO of the company," she goes on, "and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016." It's unclear if the board is cool with that plan, by the way.
Meanwhile, Ronald Bell, Yahoo's general counsel, has resigned without severance pay according to the filing, which Vanity Fair portrays as unjust. [S]omebody’s head had to roll. That unlucky sap turns out to be Ron Bell," they write, characterizing him as the fall guy. Meanwhile, if Mayer leaves after the Verizon merger goes through, she's in line to receive a $44 million severance package.