Yahoo's data processing at time of breach did not meet EU law

Yahoo's data processing operations did not meet EU law at the time of a major breach.

A report into a hack that affected 500 million users in 2014 has been completed by Ireland's Data Protection Commission (DPC) today.

It noted the breach was one of the largest ever to impact EU citizens, affecting approximately 39 million European users.

Yahoo’s European headquarters are in Dublin’s Point Village in the docklands.

It is the largest breach which has ever been notified to and investigated by the DPC.

The breach was reported in 2016 and involved the unauthorised copying and theft of Yahoo users account data in 2014.

Yahoo is now required to take a number of steps in order to be compliant with EU law.

    The findings made by the DPC include the following:

  • Yahoo’s oversight of the data processing operations performed by its data processor did not meet the standard required by EU data protection law and as given effect or further effect in Irish law;
  • Yahoo relied on global policies which defined the appropriate technical security and organisational measures implemented by Yahoo. Those policies did not adequately take into account Yahoo’s obligations under data protection law; and
  • Yahoo did not take sufficient reasonable steps to ensure that the data processor it engaged complied with appropriate technical security and organisational measures as required by data protection law.

The DPC will monitor the web service provider.

More in this Section

Accumulated profits at Graeme McDowell firm climb to $17.4m

Struggling Debenhams to cut nearly 100 jobs

GSK to close Sligo site with loss of 165 jobs

Adare Manor named Hotel of the Year at international awards

Today's Stories

Doubts Donald Trump’s growth spurt can be sustained

More From The Irish Examiner