A news story that might have gone under the radar for most people during the run up to the presidential election was the hacking of Yahoo that stole the data of 500 million accounts. At this point you probably feel desensitized to the idea of information hacks, but in Yahoo’s case there are different reasons for concern. Announced publicly in September of last year, the hacking actually occurred two years prior in 2014.
The main issue of the Yahoo hack is not the idea of industrial or transnational espionage. It is not a foreign power trying to bring down the institutions or capitalism. While it is concerning that such a large amount of data and personal information was taken and potentially used improperly, privacy and security aren’t the main concerns of this data breach either. My main concern is: What took them so long to tell us? What reason could the company have for waiting two years to disclose that their data had been hacked?
As consumers, we put our faith in tech companies that they not only keep our information safe, but that they inform us whenever a breach occurs. Our relationship is built on trust and, like any other relationship, lying or hiding a mistake is even worse than just admitting the mistake in the first place. Obviously, hacking attempts, whether they be small or large in scale, occur frequently. And the SEC only requires that a company disclose a breach if it has a material effect on investors. There is ambiguity in the definition of "material," but to give context, Target disclosed a hack of credit card information that it suffered within weeks of it actually occurring. Waiting for two years to disclose such an incident is unacceptable. We deserve to know when the information that we put online is under threat. If we allow companies to keep such dangerous breaches under wraps, our world will become a much more dangerous place. We cannot be careful if we don’t even know where danger is.
It shouldn’t take bumping into someone in Moscow using your name and credit card to know that your identity has been stolen.