Tech giant Yahoo is being scrutinised in an investigation by the the US Securities and Exchange Commission (SEC) over whether it should have reported data breaches sooner to investors.
In December, Yahoo admitted it was a target of a cyber attack in August 2013 in which data of more than one billion users was compromised.
In September, the beleaguered tech company revealed that personal details of over 500m users were stolen in a breach in 2014.
In a quarterly filing late last year, Yahoo said it was “cooperating with federal, state and foreign” agencies, including the SEC. Other agencies investigating the cyber attacks include the Federal Trade Commission and the US Attorney’s Office in Manhattan.
According to rules laid out by the SEC, companies are required to disclose cyber breaches to investors. However, a 2012 Reuters investigation found that companies whose security has been compromised tend to "often omit those details" in regulatory filings.
Earlier this year, Yahoo confirmed its chief executive Marissa Mayer will step down from the board after the tech giant completes its $4.8bn (£3.9bn) deal with Verizon.
The holding company of Yahoo’s core assets will be called Altaba, it was revealed in a filing with the US Securities and Exchange Commission (SEC).