The $1 billion price for Yahoo’s incompetence3 min read . Updated: 16 Dec 2016, 12:14 PM IST
The Yahoo intrusion was incredible in both its scope and the inability of its target to identify and stop it
New York: Yahoo can’t help being Yahoo, the technology industry’s most hapless company. And now the market is betting the company’s incompetence might cost shareholders $1 billion or more.
Yahoo Inc.’s latest embarrassing stumble was a disclosure on Wednesday that cyberthieves in 2013 siphoned information from more than 1 billion Yahoo accounts, including users’ email addresses, scrambled account passwords and dates of birth. Criminals could use the information to go after more sensitive personal data elsewhere online. Yahoo previously disclosed a likely separate cyberattack that involved at least 500 million accounts.
Look out below
We’ve all become inured to near daily disclosures about hacking attacks, from Home Depot to the Democratic National Committee. But the Yahoo intrusion was incredible in both its scope and the inability of its target to identify and stop it. Thieves seemingly had free rein inside of Yahoo’s systems to roam around and collect user data. People rely on the world’s internet companies to protect their personal information, and Yahoo gets an F- grade for that important responsibility.
Of course, the big question for months about Yahoo’s security lapses is whether they will scare off Verizon Communications Inc., which agreed in July to buy Yahoo’s web business for $4.8 billion. Verizon has said before that Yahoo’s lack of transparency about the prior cyberattack might jeopardize the acquisition or justify a lower price.
After Yahoo’s latest embarrassment, Bloomberg News reported that Verizon was working toward either killing the Yahoo deal or negotiating a lower purchase price.
The stock market is already placing its bets on the damage. As of midday market trading Thursday, Yahoo shares declined about 4.4%, eroding $1.7 billion in stock market value. Remember that the majority of Yahoo’s value is derived from its stakes in two independent internet giants, Alibaba Group Holding Ltd. and Yahoo Japan Corp. After factoring in Alibaba’s share price decline Thursday and making some assumptions about potential tax hits on Yahoo’s stakes, the value of Yahoo’s core internet business declined by roughly $1.3 billion in the hours since the latest cyberattack disclosure.
In other words, the wisdom of the stock market is Yahoo’s cyberstumbles may cost shareholders more than $1 billion in a reworked Verizon acquisition.
I’ve argued before that Verizon was right to have misgivings about Yahoo’s apparent failures to be forthcoming about its cyberattacks but that it had little choice but to hold its nose and move ahead with the deal more or less as is. Now I’m not so sure.
Litigation and other problems will stem from Yahoo’s data breach, and Verizon needs to assess the potential financial hit from those headaches and whether they hurt Yahoo’s already shaky financial results. Odds are that Verizon will proceed with its Yahoo deal, but under the circumstances it is justified in seeking a cyberuncertainty discount on the toy it plucked from the remainders bin.
Progress, by Yahoo’s standards
If the market bets are right and Verizon shaves its acquisition price by $1 billion or more, Yahoo CEO Marissa Mayer may have hit an inglorious milestone: Overseeing perhaps the costliest corporate cyberattack in history.
Target Corp. has estimated its hulking data breach disclosed three years ago resulted in more than $200 million in expenses not covered by insurance. After JPMorgan Chase & Co. disclosed a cyberattack in 2014, the bank said it was increasing its yearly cybersecurity spending from about $250 million to more than $600 million expected in 2016. Yahoo’s cyberintrusions will be even more costly if Verizon walks away or reworks its purchase of Yahoo’s internet businesses.
Mayer’s track record at Yahoo is already marred by Yahoo’s many financial stumbles, although it’s also fair to point out that the company was spiraling before she took over in 2012. The cyberattacks, however, belong squarely to her.
By some accounts, she and her team took risks that left Yahoo exposed and ignored warnings from the company’s own security staff. People have short memories about cyberattacks. But if the data breaches result in a reworked Verizon deal, Yahoo’s string of security failures should stick to Mayer permanently and tarnish her record. Bloomberg