It is no surprise to hear that this order of magnitude of users has been hit by a corporate hack; the rise of the digital business means everyone is more or less online these days. What is shocking is the date, 2014, and the sense of resignation that some may have about the event. This is far too late for professional cyber security risk management, which one would expect to be established organisational practice inside Yahoo. The other question is the legal impact for Yahoo: the reputational impact and the liability for customers' losses could yet be significant, and a headache for Verizon's planned imminent takeover of Yahoo.
The lateness of the attack's discovery, a whole 2 years, and the indication that it was a government state-sponsored attack suggest either a highly professional stealth attack or perhaps some failure in basic perimeter monitoring by Yahoo's internal security practice.
Either way, serious questions on internal checking for data breaches must be addressed. There will be a significant internal review at Yahoo and Verizon to develop a turnaround plan for this hack, but it also suggests a need for a stronger role, perhaps for government and industry, in increasing cyber protection in light of the rise in stealth attacks. The infamous Russian bank stealth attack followed a similar slow burn: an undetected stealth attack that resulted in an estimated 1 billion euro loss from several banks.
This Yahoo situation is not at that level of financial loss, but the rise of huge cyber attacks will need much stronger cyber responses.