A recent SEC filing shows Yahoo likely knew about the breach in 2014 but didn't realize how extensive it was, Fortune reports.
In late September, Yahoo confirmed that a 2014 data breach affected approximately 500 million users.
"The company had identified that a state-sponsored actor had access to the company's network in late 2014," Yahoo's 10-k form states.
In its filing, the company said it had created an independent board to investigate "the scope of the knowledge within the company in 2014 and thereafter regarding this access" and "the extent to which certain users' account information had been accessed." The filing adds that Yahoo's investigators believed the hacker accessed users' email accounts via cookie forgery.
Though a few Yahoo employees probably knew about the breach when it happened, the extent of the breach reportedly shocked them. "It wasn't until this most recent intensification of the investigation that really gave away the full scope of what occurred," said a source familiar with the situation, according to Fortune.
More articles on IT:
Interoperability, information sharing: ONC releases report on key focus areas
3 Donald Trump quotes on cybersecurity
Epic VP praises company's interoperability progress