BERLIN, May 11 - Germany's federal cyber agency
said on Thursday that Yahoo Inc had not cooperated with
its investigation into a series of hacks that compromised more
than one billion of the U.S. company's email users between 2013
Yahoo's Dublin-based Europe, Middle East and Africa unit
"refused to give the BSI any information and referred all
questions to the Irish Data Protection Commission, without,
however, giving it the authority to provide information to the
BSI," Germany's BSI computer security agency said.
A BSI spokesman said it decided to go public after Yahoo
repeatedly failed to respond to efforts to look into the data
breaches and garner lessons to prevent similar lapses. BSI also
urged internationally active Internet service providers to work
more closely with it when German customers were affected by
cyber attacks and other computer security issues.
Yahoo did not respond to requests for comment, while
Ireland's data protection agency was not immediately available.
The BSI's statement comes at a time of heightened German
government concerns about Russian meddling in national elections
in September, after cyber attacks on the French and U.S.
presidential elections which have been linked to Russia.
The U.S. Justice Department in March charged two Russian
intelligence agents and two hackers with masterminding the 2014
theft of 500 million Yahoo accounts, marking the first time the
U.S. government had criminally charged Russian spies for cyber
offences. U.S. officials have charged
Russian intelligence agents with involvement in at least one of
the hacks that affected Yahoo.
Moscow has denied any involvement in hacking.
The BSI said it did not yet have any concrete information
about the data breaches because of Yahoo's lack of cooperation.
"Users should therefore be very careful about which services
they want to use in the future and to whom they entrust their
data," BSI President Arne Schoenbohm said in a statement.
The BSI chief reiterated his recommendation that German
consumers consider switching to other email service providers,
adding that certifications such as those offered with C5-class
cloud service security were valuable for customers.
C5 is a German government scheme to encourage cloud-based
internet service providers to attest they use various safeguards
against cyber attacks.
Late last year Yahoo, which has agreed to be acquired by
U.S. telecoms giant Verizon and is set to be merged with
AOL to form a new business known as Oath, revealed a data breach
dating back to 2013 of one billion user accounts.
The various disclosures led Verizon to cut the amount it was
willing to pay for Yahoo by $350 million on its previously
agreed $4.83 billion deal. Yahoo has said it expects the merger
into Verizon to close in June.
BSI said an additional 32 million Yahoo users were affected
by cyber breaches in 2015 and 2016. A spokesman for the agency
said he was unaware of any additional breaches in 2017.
(Additional reporting by Eric Auchard in Frankfurt; editing by