The second major hack of Yahoo! Inc. user accounts is unlikely to derail Verizon Communications Inc.’s $4.83 billion acquisition of the tech giant, with investors and the public becoming inured to near-daily disclosures of cyberattacks.
Hundreds of U.S. companies fall prey to hackers every year and, in many cases, the data breaches neither hurt bottom lines nor scare away customers for too long. After initial anxieties ease, everyone generally moves on. Experts say the same holds true for Yahoo and Verizon.
“I tend to not feel like these hacks are that big of a deal in the broader scheme of things,” said Michael Mahoney, senior managing director at Falcon Point Capital, which invests in wireless companies. “Obviously they can be damaging. But it doesn’t take too long before people forget about it.”
In the U.S. especially, data breaches continue to mount. Within the past few years, hackers have infiltrated Sony Corp., Target Corp., Home Depot Inc., JPMorgan Chase & Co., auction site EBay Inc. and health insurer Anthem Inc. Almost 1,000 data breaches, including Yahoo’s, occurred in the U.S. just this year, according to the Identity Theft Resource Center.
And in all, more than 35 million critical personal records, including social security and passport numbers and medical and banking data, were exposed in 2016.
But Yahoo’s is one of the largest-scale data breaches reported to date. The Sunnyvale, Calif.-based company said that cyber-thieves in 2013 siphoned information from more than 1 billion Yahoo accounts, including users’ email addresses, scrambled account passwords and dates of birth, data that allow criminals to go after more sensitive personal information elsewhere online.
It was the second disclosure of a major data breach since Verizon agreed to buy Yahoo.
In September, the tech company revealed that more than 500 million users’ data had been hacked in a separate, state-sponsored attack in 2014.
“There are many breaches with many entities that have these types of breaches occurring,” said Eva Casey Velasquez, CEO of the Identity Theft Resource Center.
Since Target’s data breach in 2013, public sentiment has shifted, Velasquez said. “People know what a data breach is. But because it did become so ubiquitous in our conversation, there’s a little bit of apathy.”
And not all breaches are created equal, said Emily Mossburg, a principal at cyber-risk services practice at Deloitte & Touche LLP. Stolen names and account information don’t necessarily have a “broader impact.”
Costs of data breaches have been substantial but not devastating.
Target and Home Depot estimated that their data breaches resulted in about $200 million each in expenses not covered by insurance. Those are minimal amounts for big companies their size.
And depending on the type of hack and the data stolen, Yahoo’s legal liability may be negligible. Benjamin Dean, president of Iconoclast Tech, a data-security consultant, said Yahoo is unlikely to incur large losses as a result of recent class-action lawsuits.
“The track record for successful class actions relating to stolen non-payment card data isn’t good,” Dean said. “Those bringing the class action typically have to show material damage due to the data lost in a breach – and this has proven difficult to show or prove.”