Yahoo’s security breach debacle continues to take a toll on the company and the latest victim include company’s top lawyer Ronald S Bell and bonus of CEO Marissa Mayer.
According to reports Bell has resigned from his post while the company’s board has severed Mayer’s bonus after an investigation of the 2014 security breach concluded that quite a few senior executives, company lawyers and information security staff were aware of the security breach and also knew about subsequent attempts to break into the affected accounts in 2015 and 2016 but failed to “properly comprehend or investigate” the situation.
While the board did find that proper investigation wasn’t carried out, it didn’t conclude that there was an intentional suppression of relevant information.
Yahoo confirmed that Bell has resigned from his post and will be receiving no payments in connection with his departure. He “appeared to be taking the blame for the company’s security failures”. The company’s chief information security officer at the time of the 2014 breach, Alex Stamos, left for Facebook in 2015 after repeated battles with Mayer over security priorities.
The hackers, which Yahoo believes were connected to a foreign government, used the stolen information to forge a type of software called a “cookie” that could be used to access 32 million Yahoo accounts, the company said.
Mayer, who will also give up her 2017 equity compensation in connection with the incident, said she did not learn of the breach until September 2016.
“However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year,” she wrote.
Under Mayer’s employment agreement, her annual target bonus is $2 million a year and her annual stock award is supposed to be no less than $12 million a year. Her base salary is $1 million a year.
Yahoo said it had revised its procedures for responding to cybersecurity incidents, including the reporting of such incidents to senior executives and the board.
The company has incurred $16 million in direct costs so far related to the breaches.