The second major hack of Yahoo! Inc. user accounts is unlikely to derail Verizon Communications Inc.'s $4.83 billion acquisition of the tech giant, with investors and the public becoming inured to near-daily disclosures of cyberattacks.
Hundreds of U.S. companies fall prey to hackers every year and, in many cases, the data breaches neither hurt bottom lines nor scare away customers for too long. After initial anxieties ease, everyone generally moves on. Experts say the same holds true for Yahoo and Verizon.
"I tend to not feel like these hacks are that big of a deal in the broader scheme of things," said Michael Mahoney, senior managing director at Falcon Point Capital, which invests in wireless companies. "Obviously, they can be damaging. But it doesn't take too long before people forget about it."
In the United States, especially, data breaches continue to mount. Within the last few years, hackers have infiltrated Sony Corp., Target Corp., Home Depot Inc., JPMorgan Chase & Co., auction site eBay Inc., and health insurer Anthem Inc. Almost 1,000 data breaches, including Yahoo's, occurred in the U.S. just this year, according to the Identity Theft Resource Center.
But Yahoo's is one of the largest-scale data breaches reported to date. The company said that cyber-thieves in 2013 siphoned information from more than one billion Yahoo accounts, including users' email addresses, scrambled account passwords, and dates of birth, data that allow criminals to go after more sensitive personal information elsewhere online. It was the second disclosure of a major data breach since Verizon agreed to buy Yahoo. In September, the tech company revealed that more than 500 million users' data had been hacked in a separate, state-sponsored attack in 2014.
"There are many breaches with many entities that have these types of breaches occurring," said Eva Casey Velasquez, chief executive officer of the Identity Theft Resource Center.
Since Target's data breach in 2013, public sentiment has shifted, Velasquez said. "People know what a data breach is. But because it did become so ubiquitous in our conversation, there's a little bit of apathy."
Costs of data breaches have been substantial but not devastating. Target and Home Depot estimated that their data breaches resulted in about $200 million each in expenses not covered by insurance. Those are minimal amounts for big companies their size.
And depending on the type of hack and the data stolen, Yahoo's legal liability may be negligible. Benjamin Dean, president of Iconoclast Tech, a data-security consultant, said Yahoo is unlikely to incur large losses as a result of recent class-action lawsuits.
"The track record for successful class actions relating to stolen non-payment card data isn't good," Dean said. "Those bringing the class action typically have to show material damage due to the data lost in a breach - and this has proven difficult to show or prove."
Still, Yahoo's costs may be higher simply because of the magnitude of the breach, and may even lead to a loss of users or advertisers. Larry Ponemon, founder of the Ponemon Institute, a think-tank focused on data security, believes Yahoo's costs - plus opportunities lost - could be $2 to $3 a customer record, and shave $1 billion from the price Verizon pays.
"The timing couldn't be worse for Yahoo," he said.