Major internet providers say will not sell customer browsing histories

The NBC and Comcast logo are displayed on top of 30 Rockefeller Plaza, formerly known as the GE building, in midtown Manhattan in New York July 1, 2015. REUTERS/Brendan McDermid/File Photo

By David Shepardson

WASHINGTON (Reuters) – Comcast Corp, Verizon Communications Inc and AT&T Inc said Friday they would not sell customers’ individual internet browsing information, days after the U.S. Congress approved legislation reversing Obama administration era internet privacy rules.

The bill would repeal regulations adopted in October by the Federal Communications Commission under former President Barack Obama requiring internet service providers to do more to protect customers’ privacy than websites like Alphabet Inc’s Google or Facebook Inc.

The easing of restrictions has sparked growing anger on social media sites.

“We do not sell our broadband customers’ individual web browsing history. We did not do it before the FCC’s rules were adopted, and we have no plans to do so,” said Gerard Lewis, Comcast’s chief privacy officer.

He added Comcast is revising its privacy policy to make more clear that “we do not sell our customers’ individual web browsing information to third parties.”

Verizon does not sell personal web browsing histories and has no plans to do so in the future, said spokesman Richard Young.

Verizon privacy officer Karen Zacharia said in a blog post Friday the company has two programs that use customer browsing data. One allows marketers to access “de-identified information to determine which customers fit into groups that advertisers are trying to reach” while the other “provides aggregate insights that might be useful for advertisers and other businesses.”

Republicans in Congress Tuesday narrowly passed the repeal of the rules with no Democratic support and over the objections of privacy advocates.

The vote was a win for internet providers such as AT&T Inc, Comcast and Verizon. Websites are governed by a less restrictive set of privacy rules.

The White House said Wednesday that President Donald Trump plans to sign the repeal of the rules, which had not taken effect.

Under the rules, internet providers would have needed to obtain consumer consent before using precise geolocation, financial information, health information, children’s information and web browsing history for advertising and marketing. Websites do not need the same affirmative consent.

Some in Congress suggested providers would begin selling personal data to the highest bidder, while others vowed to raise money to buy browsing histories of Republicans.

AT&T says in its privacy statement it “will not sell your personal information to anyone, for any purpose. Period.” In a blog post Friday, AT&T said it would not change those policies after Trump signs the repeal.

Websites and internet service providers do use and sell aggregated customer data to advertisers. Republicans say the rules unfairly would give websites the ability to harvest more data than internet providers.

Trade group USTelecom CEO Jonathan Spalter said in an op-ed Friday for website Axios that individual “browser history is already being aggregated and sold to advertising networks – by virtually every site you visit on the internet.”

This week, 46 Senate Democrats urged Trump not to sign the bill, arguing most Americans “believe that their private information should be just that.”

(Reporting by David Shepardson; Editing by Cynthia Osterman and Lisa Shumaker)

Yahoo under scrutiny after latest hack, Verizon seeks new deal terms

Yahoo logo on smartphone

By Greg Roumeliotis and Jessica Toonkel

NEW YORK (Reuters) – Yahoo Inc <YHOO.O> came under renewed scrutiny by federal investigators and lawmakers on Thursday after disclosing the largest known data breach in history, prompting Verizon Communications Inc <VZ.N> to demand better terms for its planned purchase of Yahoo’s internet business.

Shares of the Sunnyvale, California-based internet pioneer fell more than 6 percent after it announced the breach of data belonging to more than 1 billion users late on Wednesday, following another large hack reported in September.

Verizon, which agreed to buy Yahoo’s core internet business in July for $4.8 billion, is now trying to persuade Yahoo to amend the terms of the acquisition agreement to reflect the economic damage from the two hacks, according to people familiar with the matter.

The U.S. No. 1 wireless carrier still expects to go through with the deal, but is looking for “major concessions” in light of the most recent breach, according to another person familiar with the situation.

Asked about the status of the deal, a Yahoo spokesperson said: “We are confident in Yahoo’s value and we continue to work towards integration with Verizon.”

Verizon had already said in October it was reviewing the deal after September’s breach disclosure. Late on Wednesday, it said it would “review the impact of this new development before reaching any final conclusions” about whether to proceed.

The company declined to comment beyond that statement on Thursday.

Verizon has threatened to go to court to get out of the deal if it is not repriced, citing a material adverse effect, said the people familiar with the matter, who asked not to be identified because the negotiations are confidential.

No court in Delaware, where Yahoo is incorporated, has ever found that a material adverse effect has occurred that would allow companies to terminate a merger agreement.

Nevertheless, the threat of a court case on the issue has been successfully used by companies to renegotiate deals, and experts said that some concessions from Yahoo are likely, given the magnitude of the cyber security breaches.

Renegotiating the deal’s price tag would be the simplest but also least likely scenario because the impact of the data breaches will not be apparent for some time, according to Erik Gordon, a professor at the University of Michigan’s Ross School of Business.

A more likely concession would be for Yahoo to agree to compensate Verizon after the close of the deal, based on the liabilities that occur. The two companies may also agree to extend the close of the deal to allow for more time for information to come in on the impact of the breaches, Gordon suggested.

Verizon shares rose 0.4 percent to close at $51.81, in line with the S&P 500 Index <.SPX>. Yahoo closed down 6.1 percent at $38.41.

BIGGEST BREACH

Yahoo said late on Wednesday that it had uncovered a 2013 cyber attack that compromised data of more than 1 billion user accounts, the largest known breach on record.

It said the data stolen may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

The company added that some of its partners were affected. One such partner, Europe’s Sky Plc <SKYB.L>, said Yahoo provides email services to its 2.1 million Sky.com email account holders, but it was unclear how many of those accounts were affected.

The announcement followed Yahoo’s disclosure in September of a separate breach that affected over 500 million accounts, which the company said it believed was launched by different hackers.

The White House said on Thursday the U.S. Federal Bureau of Investigation was probing the breach. Several lawsuits seeking class-action status on behalf of Yahoo shareholders have been filed, or are in the works.

Meanwhile, Democratic Senator Mark Warner of Virginia said he was looking into Yahoo’s cyber security practices.

“This most-recent revelation warrants a separate follow-up and I plan to press the company on why its cyber defenses have been so weak as to have compromised over a billion users,” he said in a statement.

Warner, who will become the top Democrat on the Senate Intelligence Committee next year, described the hacks as “deeply troubling.”

New York Attorney General Eric Schneiderman urged anyone with a Yahoo account to change their passwords and security questions and said he is examining the breach’s circumstances and the company’s disclosures to law enforcement.

Germany’s cyber security authority, the Federal Office for Information Security (BSI), advised German consumers to consider switching to safer alternatives for email, and criticized Yahoo for failing to adopt modern encryption techniques to protect users’ personal data.

“Considering the repeated cases of data theft, users should look more closely at which services they want to use in the future and security should play a part in that decision,” BSI President Arne Schoenbohm said in a statement.

The latest breach drew widespread criticism from security experts, several advising consumers to close their Yahoo accounts.

“Yahoo has fallen down on security in so many ways I have to recommend that if you have an active Yahoo email account, either direct with Yahoo or via a partner like AT&T, get rid of it,” Stu Sjouwerman, chief executive of cyber security firm KnowBe4 Inc, said in a broadly distributed email.

A Yahoo spokesperson, in response to criticism of the company’s security measures, said on Thursday: “We’re committed to keeping our users secure, both by continuously striving to stay ahead of ever-evolving online threats and to keep our users and platforms secure.”

(Reporting by Greg Roumeliotis and Jessica Toonkel in New York and Dustin Volz in Washington; Additional reporting by Liana Baker, Anna Driver, Eric Auchard and Michael Erman; Writing by Jim Finkle and Jonathan Weber; Editing by Bill Trott and Bill Rigby)

Yahoo says hackers stole data from 500 million accounts

A Yahoo logo is seen on top of the building where they have offices in New York

By Dustin Volz

(Reuters) – Yahoo Inc said on Thursday that at least 500 million of its accounts were hacked in 2014 by what it believed was a state-sponsored actor, a theft that appeared to be the world’s biggest known cyber breach by far.

Cyber thieves may have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords, the company said. But unprotected passwords, payment card data and bank account information did not appear to have been compromised, signaling that some of the most valuable user data was not taken.

The attack on Yahoo was unprecedented in size, more than triple other large attacks on sites such as eBay Inc, and it comes to light at a difficult time for Yahoo.

Chief Executive Officer Marissa Mayer is under pressure to shore up the flagging fortunes of the site founded in 1994, and the company in July agreed to a $4.83 billion cash sale of its internet business to Verizon Communications Inc.

“This is the biggest data breach ever,” said well-known cryptologist Bruce Schneier, adding that the impact on Yahoo and its users remained unclear because many questions remain, including the identity of the state-sponsored hackers behind it.

On its website on Thursday, Yahoo encouraged users to change their passwords but did not require it.

Although the attack happened in 2014, Yahoo only discovered the incursion after August reports of a separate breach. While that report turned out to be false, Yahoo’s investigation turned up the 2014 theft, according to a person familiar with the matter.

Analyst Robert Peck of SunTrust Robinson Humphrey said the breach probably was not enough to prompt Verizon to abandon its deal with Yahoo, but it could call for a price decrease of $100 million to $200 million, depending on how many users leave Yahoo.

Steven Caponi, an attorney at K&L Gates with a practice including merger litigation, said that Yahoo’s breach could fall under the “material adverse change” clause common in mergers allowing a buyer to walk away if its target’s value deteriorates.

“That would give Verizon the opportunity to renegotiate the terms or potentially walk away from the transaction if it is a material change. Whether it is a material change will depend in large part on what kind of information was compromised,” Caponi said.

Still, it is rare for mergers to fall apart over material changes. Verizon said in a statement it was made aware of the breach within the last two days and had limited information about the matter.

“We will evaluate as the investigation continues through the lens of overall Verizon interests,” the company said.

Shares of Yahoo stock closed a penny higher at $44.15, while shares of Verizon were up about 1 percent.

RISING ATTACKS

The Yahoo breach follows a rising number of other large-scale data attacks and could make it a watershed event that prompts government and businesses to put more effort into bolstering defenses, said Dan Kaminsky, a well-known internet security expert.

Retailers and health insurers have been especially hard hit after high-profile breaches at Home Depot Inc, Target Corp, Anthem Inc and Premera Blue Cross.

“Five hundred of the Fortune 500 have been hacked,” he said. “If anything has changed, it’s that these attacks are getting publicly disclosed.”

Three U.S. intelligence officials, who declined to be identified by name, said they believed the attack was state-sponsored because of its resemblance to previous hacks traced to Russian intelligence agencies or hackers acting at their direction.

Yahoo said it was working with law enforcement on the matter, and the FBI said it was investigating.

“The investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network,” the company said.

While the breach comprised mostly low-value information, it did include security questions and answers created by users themselves. That data could make users vulnerable if they use the same answers on other sites.

A former Yahoo employee said the Q&A were deliberately left unencrypted, which allowed Yahoo to catch fake accounts more easily because fake accounts tended to reuse questions and answers.

News of the massive breach at one of the nation’s largest email providers may fan concern that U.S. companies and government agencies are not doing enough to improve cyber security.

Democratic Senator Mark Warner said in a statement he was “most troubled by news that this breach occurred in 2014, and yet the public is only learning details of it today.”

Technology website Recode first reported Tuesday that Yahoo planned to disclose details about a data breach affecting hundreds of millions of users.

(Reporting by Aishwarya Venugopal in Bengaluru and Dustin Volz in Washington; additional reporting by Jim Finkle in Boston, Lauren Hirsch in New York, and Joseph Menn and Deborah Todd in San Francisco, writing by Alwyn Scott; editing by Peter Henderson and Cynthia Osterman)

40,000 Verizon Workers on Strike

Verizon workers take part in a rally as they negotiate a union contract in New York

(Reuters) – Tens of thousands of Verizon Communications Inc. workers walked off the job on Wednesday in one of the largest U.S. strikes in recent years after contract talks hit an impasse.

The strike could affect service in Verizon’s Fios Internet, telephone and TV services businesses across several U.S. East Coast states, including New York, Massachusetts and Virginia.

The strike was called by the Communications Workers of America and the International Brotherhood of Electrical Workers that jointly represent nearly 40,000 employees, such as customer services representatives and network technicians in Verizon’s traditional wireline phone operations.

Workers protested at various Verizon locations along the East Coast. Verizon said it had trained thousands of non-union employees over the past year to ensure no disruption in services.

While the wireline unit represents Verizon’s legacy business, it generated about 29 percent of the company’s revenue in 2015 and less than 7 percent of operating income.

Verizon’s Fios TV and Internet service is no longer growing and the company has been scaling back its landline network as it shifts to the bread-and-butter wireless business and new efforts in mobile video and advertising.

Verizon and the unions have been talking since last June over the company’s plans to cut healthcare and pension-related benefits over a three-year period.

The workers have been without a contract since their agreement expired in August. Issues include healthcare, offshoring call center jobs, work rules and pensions.

“It’s regrettable that union leaders have called a strike, a move that hurts all of our employees,” Marc Reed, Verizon’s chief administrative officer, said in a statement on Wednesday. “Since last June, we’ve worked diligently to try and reach agreements that would be good for our employees, good for our customers and make the wireline business more successful now and in the future.”

The last contract negotiations in 2011 also led to a strike. A new contract was reached after two weeks.

On Tuesday, Verizon said it has been approached by the Federal Mediation and Conciliation Service. In the last round, the FMCS mediated their contract dispute.

“The question of federal mediation is a distraction to the real problem: Verizon’s corporate greed,” the unions said in a statement, adding it has not yet contacted the FMCS.

Verizon’s shares dipped 0.1 percent at $51.88.

(Reporting by Malathi Nayak and Rishika Sadam; Editing by Saumyadeb Chakrabarty and Jeffrey Benkoe)