The penalty round at Yahoo has begun.
Yahoo didn’t just suffer one massive data breach last year, but two — and there is evidence that the firm ignored warnings that the breach was underway until it was far, far too late. And as of yesterday, the punishments started rolling out.
Marissa Mayer, Yahoo’s CEO, will not be getting her bonus this year, as the board has voted to revoke it. According to a company filing Wednesday (March 1), the board noted that said bonus “was otherwise expected to be paid to her.”
Mayer has additionally chosen to give up her equity grant for 2017. How much that amounts to exactly is unknown — but the minimum figure (based on the terms of her contract) would be in the neighborhood of $12 million.
“I am the CEO of the company and … this incident happened during my tenure,” Mayer said in a statement. “[I] have expressed my desire that my bonus be redistributed to our company’s hardworking employees.”
Mayer is not alone in the penalty box — Ron Bell, Yahoo’s general council, resigned following an independent investigation into the breaches. That investigation concluded that Yahoo’s legal team had enough information to begin investigating the hack as far back as 2014, but did not chose to “sufficiently” review the issue.
“While significant additional security measures were implemented in response to those incidents, it appears certain senior executives did not properly comprehend or investigate [the breach],” the company said in its filing.
Between Yahoo’s two major breaches last year — around 1.5 billion consumers worth of data was hacked.
The breaches threatened to upend Verizon’s deal to buy Yahoo’s core internet assets for $3.8 billion. After extensive negotiations, the two firms settled on cutting the acquisition price by $350 million and splitting the cost of any legal liabilities. That figure is high — but far below the $1 billion discount some analysts though Verizon would seek.
According the filing, Yahoo is at present facing around 43 class action lawsuits.