Material Adverse Hack
Just when Yahoo’s decade-long path to irrelevance looked nearly over, the beleaguered internet firm has a new embarrassment. On Thursday, Yahoo disclosed the theft of data from 500 million user accounts in 2014. The breach, by what the company reckons is a state-sponsored hacker, could have a big enough impact to test the $4.8 billion sale of Yahoo’s core business to Verizon Communications.
The information stolen includes people’s email addresses, birth dates, telephone numbers, some passwords and even security answers. It doesn’t help that the number of users affected is believed to be the biggest security breach ever, a well-known cryptologist told Reuters.
Fallen internet darling MySpace was compromised in 2013. The breach involving some 360 million accounts wasn’t made public until May this year. LinkedIn, which in June agreed to be bought by Microsoft for $26 billion, has also been hacked. Sony Pictures, retailer Target, giant bank JPMorgan, health insurer Anthem and many more are also in the victims’ club.
Yahoo, though, is in the midst of its deal to sell its search and advertising operations to Verizon. The company run by Marissa Mayer represented in the merger agreement, signed in late July, that it was unaware of any material security breach at the time. The first news reports hinting at the theft surfaced soon after. Now that the company has confirmed it, it gives Verizon a lever to negotiate down its acquisition price or, in the extreme, get out of the deal.
Verizon issued a statement that left all its options open for now. The U.S. telecommunications giant actively pursued Yahoo, so it may have no intention of backing out. Hacks cost money to fix, but not always that much. A bigger issue may be the hit to Yahoo’s reputation and the barrage of privacy-related litigation, credible and otherwise, that might ensue.
Either way, the timing of the episode will force M&A bankers and lawyers to explore fairly new territory as they assess how damaging the breach really is for Yahoo’s business. If the Verizon deal is derailed, at least that should awaken any corporate chiefs who aren’t yet taking the risk of hacking seriously enough.