[ghughes]

Given that not too long ago they were publicly shamed for implementing an invasive tracking system that completely undermines their customers' privacy, [1] you'll have to do a little better than "some past experience" and "from what I've seen" if you want your assertion that "Verizon is very serious about security" to be taken seriously.

[1] https://www.wired.com/2014/10/verizons-perma-cookie/amp/

[syshum]

One has nothing to do with the other

You can be VERY good at systems security, while simultaneously wanting to violate your customers privacy....

[bartl]

Well ironically, in this case, Verizon's problem with Yahoo is allegedly about customers' privacy.

[heroprotagonist]

Well, it is just anecdotal. Feel free to withhold judgement, it is just an anonymous internet comment instead of a detailed report from a thorough study. I'm certainly not giving you my CV. However, I was referring to what I saw of their stance towards their own security, rather than toward the privacy of their customers.

Still, I think the point that there's more for Verizon to worry about from Yahoo than the direct impact of the exposed customer data is a valid one. Failure to discover (if we believe them), or at least a failure to disclose, a breach for close to two years, does not speak well for them. Maybe this breach was only possible during some temporary time period two years ago, but it's also possible that whatever allowed the breach was open for a long time, allowing further opportunity to exploit other services on their network. The claim that it was possibly a 'state actor' either means they don't know and are covering their incompetence, or it was a fairly advanced threat that could potentially still be in place or even have expanded its footprint since 2014.