One of the tests of a true lover of Christmas films is whether one can quickly identify the actress who played the wondrous Maureen O’Hara’s daughter in Miracle on 34th Street. The answer is…Natalie Wood. If you are of a certain age you’ll be amused to be reminded that Miracle on 34th Street received a ‘B’ rating (morally objectionable in part) from the Legion of Decency because Maureen O’Hara played a divorcée. I take it as a sign of moral progress that the Legion of Decency had the decency to disband, possibly after determining that its ratings actually were spurring people to see “salacious” films. As for Miracle on 34th Street, it overcame the harsh censure of the Legion of Decency to become a holiday treasure, a true gift that keeps on giving.  Another gift that keeps on giving, in the cyber world, is the ongoing travails of Yahoo.

You’ll recall that in September of this year, Yahoo announced it was the victim of what was then the largest breach in internet history, with 500 million accounts compromised. In its subsequent quarterly filing with the SEC, Yahoo noted the damage done by the breach, particularly the impact on Yahoo’s pending acquisition by Verizon.  Yahoo reported, “There is no assurance that the Sale transaction will be consummated in a timely manner or at all. In addition, the anticipated benefits of the Sale transaction may not be realized. Potential risks and uncertainties related to the Sale transaction include, among others:

  • the existence or occurrence of any event, change or other circumstance that could give rise to the termination of the Stock Purchase Agreement, which, in addition to other adverse consequences, could result in the Company incurring substantial fees, including, in certain circumstances, the payment of a termination fee to Verizon under the Stock Purchase Agreement;
  • risks that Verizon may assert, or threaten to assert, rights or claims with respect to the Stock Purchase Agreement as a result of facts relating to the Security Incident and may seek to terminate the Stock Purchase Agreement or renegotiate the terms of the Sale transaction on that basis;….

Yahoo also alertly forecast “Breaches of our security measures, such as the Security Incident, or perceived breaches, have caused and may in the future cause, the market perception of the effectiveness of our security measures to be harmed and cause us to lose users and customers.” In this regard the company was prescient. In the records are made to be broken department, last week Yahoo announced it had discovered another breach, this one affecting one billion accounts. Yahoo’s stock price quickly dropped six percent, and it became both the object of customer fury and subject of ridicule around the world. Ominously, many experts jumped in to advise Yahoo customers to close their accounts, and offered detailed instructions about so doing.  Germany’s cybersecurity authority criticized Yahoo for failing to adopt adequate encryption techniques and suggested German consumers should switch to other email providers.

The implications of the latest breach for Yahoo’s acquisition by Verizon are profound. Presumably, Verizon is keenly interested in Yahoo’s reach, which may be diminishing with each passing day. We can expect that some announcement about the future of the acquisition will be forthcoming shortly. In the meantime, senior executives at Yahoo may be feeling like they are living in Whoville while the Grinch steals Christmas. (Dr. Seuss for the uninitiated)

We wish each of you a Merry Christmas and a wonderful holiday season.

By Tom Davis, SDI Cyber Risk Practice
December 20, 2016