top of page


Verizon Communications Inc. signaled it may demand to renegotiate its $4.8 billion deal for Yahoo Inc. following the internet company's recent disclosure of a data breach that affected more than 500 million accounts.


As many of you know, Yahoo was subject to and confirmed the largest data breach in history....500+ million accounts. It goes without saying that the costs, both direct & indirect, that result from an occurrance like this can be staggerring if not catastrophic to your business. Consider Target for example: All in all, they incurred more than $250 million in expenses from the data breach of roughly 70 million customer records and credit cards between 2013 and 2014. Luckily, they had cyber insurance in place to cover $90 million of the costs, ultimately lowering the total net expenses to roughly $162 million after 2 years, 70 class action lawsuits and 4 shareholder derivative suits along the way.

"Target's staggerring data breach costs did not, however, include the 46% drop in sales in the company's profit from the same quarter 1 year prior to the incident."

The breaches of companies like Target, Anthem and now Yahoo, all have such direct consumer and reputational ramifications hat the conversation around how seriously a company takes cyber security has significantly moved away from just an "IT Department Issue," but one that reaches the highest executives of the company who are now liable.

We are now at the point where it is critical that your organization effectively assessess and continues to monitor your cyber risk profile and implement adequate cyber security solutions to keep you protected. This is particularly important when considering the expected Mergers & Acquisitions activity that your firm is likely to incur over the year. A well documented, tested and implemented cyber security plan can change a given organization's valuation overnight.

"Many merger agreements contain provisions allowing buyers to withdraw from deals if the value of a transaction has been hurt by a significant development and/or material change in operations or risk."

Legal experts said the contract language gives Verizon leverage to renegotiate or even walk away because of the security breach, but enforcing material adverse change clauses is difficult and courts have resisted their use. In 2007 a Delaware court blocked Hexion Specialty Chemicals' attempt to walk away from a deal to buy Huntsman Corp. after its rival's earnings fell. But in 2011, private-equity firm Cerberus walked away from a deal to buy hotel company Innkeepers citing turmoil in financial markets, and later struck a new deal that was $100 million lower.

Looking to renegotiate the deal could bring risks for Verizon as well. Several suitors, including private-equity firms and a group led by Quicken Loans founder Dan Gilbert, have closely studied Yahoo's business and made bids to acquire the business. If the Verizon-Yahoo deal gets terminated, Yahoo may be required to pay Verizon relatively small termination fee of $145 million in certain circumstances. In the days after disclosing the breach, Yahoo's investor relations team called analysts and major investors. In those calls, Yahoo officials said they couldn't comment on whether the breach was a material adverse change that would upend the deal -- but then laid out an argument for why it probably wouldn't fall into this category, a person familiar with the matter said.

At a meeting in Verizon's Washington offices on Thursday, General Counsel Craig Silliman said it was "reasonable" to believe that the breach represented a material event that could allow it to change the terms of the takeover. He said it was up to Yahoo to prove the full impact of the data leak and prove it wasn't material.

"If they believe that it's not, then they'll need to show us that," said Mr. Silliman, who has been leading Verizon's review of the situation.

Yahoo's team argued that if the user experience changed due to the breach, the "consequences" were already baked into the company's results, the person said. Yahoo officials also said they considered the hack to be low risk because all stolen user passwords were encrypted. Yahoo also told investors there was no financial fraud because the breach came from a state-sponsored actor, who the company didn't believe would be interested in using financial data, the person said. Particularly as Yahoo is an online based organization, chairman of the data-security research firm, Ponemon Institute, was quoted in stating:

"One of their crown jewel assets is the audience. What this does is it basically puts the value of that asset as a lot less." - Larry Ponemon

Verizon is waiting for the results of Yahoo's investigation into the breach before deciding how to proceed, said another person familiar with the matter.

The breach occurred two years ago but was discovered after the merger deal was signed in July. Yahoo disclosed the massive breach last month and said that "state sponsored" hackers were responsible for compromising the names, email addresses, dates of birth, telephone numbers and encrypted passwords.

After a prolonged auction, Verizon outbid other suitors by agreeing to buy Yahoo's core internet business with plans to close the deal by the end of March. Shares of Yahoo fell 1.7% to $41.62 Thursday, though much of the company's market value reflects its investments in Alibaba Group Holding Ltd. and Yahoo Japan Corp.

"We are confident in Yahoo's value and we continue to work towards integration with Verizon," a Yahoo spokeswoman said in response to Mr. Silliman's comments.

Register to the Global Cyber Consultants Blog to for updates on how this develops and many more....

Featured Posts
Recent Posts
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square
bottom of page