Stanford CIS

Record breach

on

"As to how regulators might take on enforcement, Northeastern University professor Andrea Matwyshyn, who has advised the FTC on data security policy, said that a major question regulators going forward is the lack of precedent for something like the Yahoo hack. The SEC, for example, would handle an investigation pertaining to whether investors were properly advised of the risks of a major breach. But it’s not clear what the SEC might do.

“Because of the limited case data and enforcement history, we don’t have a legal sense of what the SEC views as adequate [disclosure of risk],” Matwyshyn said. As for the FTC, which doesn’t publicly announce such investigations, Matwyshyn added that “certainly this kind of a security breach is consistent with the attack patterns that have given rise to FTC investigations in the past.””"

Published in: Press , Yahoo , Data Breaches , Privacy