Skarbek Associates’ CEO Paul Heugh was quoted in the Financial Times’ article Marissa Mayer knew of Yahoo breach probe in July published 24th Septmeber 2016.
Marissa Mayer has known since July that Yahoo was investigating allegations of a serious data breach, according to a person briefed on internal discussions, raising questions about whether the internet chief withheld information from investors, regulators and its acquirer Verizon until this week.
Verizon, which agreed a $4.8bn bid for Yahoo’s core business in July, said it had been informed as recently as this Tuesday, 10 days after a September 9 regulatory filing to the US Securities and Exchange Commission in which Yahoo said it had no knowledge of “any incidents” of “security breaches, unauthorised access or unauthorised use” of its IT systems. “Marissa was aware absolutely — she was aware and involved when Peace surfaced this allegation in July,” the person briefed on Yahoo’s discussions said.
“[She] was part of the investigation and conversation from the very beginning and along with the team every step of the evidentiary gathering and analysis process. In fact, the key executive team has been engaged from the very beginning.”
In its SEC filing earlier this month, Yahoo also confirmed that to its knowledge, the company had not received any notice of any claims or investigations relating to personal data that could “reasonably be expected to have a Business Material Adverse Effect”.
“If I were in Verizon’s boardroom I’d be very worried. You have to go back into every single assumption behind the valuation and redo it,” said Paul Heugh, chief executive of M&A consultancy Skarbek Associates.
“Naturally such a breach will cause concern at board level for those involved in the M&A process and eventual purchase of Yahoo,” said Richard Cassidy, UK cyber security evangelist at Alert Logic, a security technology company. “Questions need to be answered on why external communication has been withheld for so long.”
Jonathan Kewley, a cyber security specialist at Clifford Chance, the law firm, said that insufficient attention is paid to security issues during the due-diligence process around an acquisition.
“This is unprecedented in its timing, in that the deal is still between signing and closing,” he said. “This will affect the reputation of the business, it will cost money to fix and it will take a long time — the consequences of this will go on for many months, if not years.”