September 2016 saw one of the largest cyber security breaches in history when internet provider Yahoo were about to be bought over by Verizon. The attack which had its origins some time in 2014 compromised the confidential details of over 500 million Yahoo users. Details included real names, dates of birth, addresses and telephone numbers. As a result, Yahoo were eventually sold to Verizon for $350million less than would otherwise have been the case had the attack not occurred. The details of the sale concluded that both organisations would assume the administrative and legal consequences of the hacking.
The attack was most likely carried out by a government organisation outside of the United States. The attackers were able to take advantage of a fragility in the cookies present within the system. They disguised themselves as other internet users and gained access to their confidential records. As well as stealing information from individual users they also managed to find more entitled users who themselves had access to the records of many others. All of those records then became compromised.
https://bpbonline.com/en-gb/blogs/news/yahoo-data-breach-what-actually-happened
Despite the hack commencing in 2014, Yahoo didn’t notify their users about it until a couple of years later. Had they made an announcement earlier they could’ve informed users to change their passwords in order to make access more difficult for the attackers. This also would’ve enabled them to begin cooperation with law enforcement organisations to minimise the damage of the attack.
https://medium.com/@sat_g/3-mega-breaches-and-how-they-could-have-been-prevented-c35f29873b3e