YAHOO is punishing CEO Marissa Mayer and jettisoning its top lawyer for the mishandling of two security breaches that exposed the personal information of more than 1 billion users and already have cost the company $350 million.
Mayer won’t be paid her annual bonus nor receive a potentially lucrative stock award because a Yahoo investigation concluded her management team reacted too slowly to one breach discovered in 2014.
Mayer took to her personal Tumblr page overnight to say she will be redistributing her annual bonus and equity stock to Yahoo employees.
“As those who follow Yahoo know, in late 2014, we were the victim of a state-sponsored attack and reported it to law enforcement as well as to the 26 users that we understood were impacted,” Mayer wrote.
“When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies. However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016.”
Yahoo’s general counsel, Ronald Bell, resigned without severance pay for his department’s lackadaisical response to the security lapses.
Although Yahoo’s security team uncovered evidence that a hacker backed by an unnamed foreign government had pried into user accounts in 2014, executives “failed to act sufficiently” on that knowledge, according to the results of an internal investigation disclosed Wednesday. At that time, Yahoo only notified 26 people that their accounts had been breached.
The report didn’t identify the negligent executives, but it chastised the company’s legal department for not looking more deeply into the 2014 breach. Because of that, the incident “was not properly investigated and analysed at the time,” the report concluded.
Yahoo didn’t disclose the 2014 breach until last September when it began notifying at least 500 million users that their email addresses, birth dates, answers to security questions, and other personal information may have been stolen. Three months later, Yahoo revealed it had uncovered a separate hack in 2013 affecting about 1 billion accounts, including some that were also hit in 2014.
The breaches, the two biggest in internet history, have already exacted a major toll.
Yahoo already lowered the sales price of its email and other digital services to Verizon Communications from $4.83 billion to $4.48 billion to account for the potential backlash from the breaches. That deal was reached last July, two months before Verizon and the rest of the world learned about Yahoo’s lax security.
More than 40 lawsuits also have been filed seeking damages for the breaches. If Yahoo’s sale to Verizon is completed as expected later this year, a successor company called Altaba Inc. will be responsible for paying those legal claims. Yahoo’s handling and disclosure of the breaches is also under investigation by the Securities and Exchange Commission and the Federal Trade Commission. In a blog post on Yahoo’s Tumblr service , Mayer said she didn’t learn about the scope of the breaches until September and then tried to set things right. “However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant,” Mayer wrote.
In its report, Yahoo’s board said it decided to withhold a cash bonus that otherwise would have been paid to her. Mayer is eligible to receive a bonus of up to $2 million annually. The board said it accepted Mayer’s offer to relinquish her annual stock award, which is typically worth millions of dollars. Mayer said she wants the board to distribute her bonus to Yahoo’s entire workforce of 8,500 employees. The board didn’t say if it would do so. Losing her bonus and annual stock award probably won’t be too painful for Mayer, who is already rich after working for more than a decade as a top executive at Google and then as Yahoo’s CEO for the past 4 1/2 years. She is also in line for a $44 million severance package if she doesn’t go to work for Verizon after the sale closes.
Well there’s a corporate clean-up. How many corporate men have been duly docked? Good work Yahoo! @YahooFinance @marrisamayer https://t.co/edDYlgcCW7
— This is serious (@cr8tiv1) March 1, 2017