Yahoo's data processing at time of breach did not meet EU law

Yahoo's data processing operations did not meet EU law at the time of a major breach.

A report into a hack that affected 500 million users in 2014 has been completed by Ireland's Data Protection Commission (DPC) today.

It noted the breach was one of the largest ever to impact EU citizens, affecting approximately 39 million European users.

Yahoo’s European headquarters are in Dublin’s Point Village in the docklands.

It is the largest breach which has ever been notified to and investigated by the DPC.

The breach was reported in 2016 and involved the unauthorised copying and theft of Yahoo users account data in 2014.

Yahoo is now required to take a number of steps in order to be compliant with EU law.

    The findings made by the DPC include the following:

  • Yahoo’s oversight of the data processing operations performed by its data processor did not meet the standard required by EU data protection law and as given effect or further effect in Irish law;
  • Yahoo relied on global policies which defined the appropriate technical security and organisational measures implemented by Yahoo. Those policies did not adequately take into account Yahoo’s obligations under data protection law; and
  • Yahoo did not take sufficient reasonable steps to ensure that the data processor it engaged complied with appropriate technical security and organisational measures as required by data protection law.

The DPC will monitor the web service provider.

More in this Section

Interest rate hike looms in just 11 months

Markets braced for Italy and Saudi tensions

Food firms look to Europe

Hotel revenue rising across the country, report shows

Breaking Stories

6 secrets for a smoother journey when flying with a newborn baby

More From The Irish Examiner