In what could mark the largest-ever theft of personal data, Yahoo has confirmed that more than 500 million of its user accounts were hacked in late 2014. The Internet company is pointing the blame at state-sponsored hackers who reportedly stole names, email addresses, birth dates, phone numbers and encrypted passwords after breaking into the Yahoo network. The company does not believe the hack impacted unprotected passwords or financial data such as payment card or bank account info. The breach was discovered after Yahoo began investigating a claim by hackers who were attempting to sell 280 million usernames and passwords.

According to The Wall Street Journal, “the Yahoo disclosure is significant because the company said it was the work of another nation, and because it raises questions about the fate of the $4.8 billion Verizon deal, which was announced on July 25.”

While Yahoo has not named a specific country as potentially being responsible for sponsoring the attacks, other attacks during the same time were believed to originate in China. More recently, additional hacks have been blamed on Russia. “Both countries have denied involvement in the hacks,” reports WSJ.

“The FBI is aware of the intrusion and investigating the matter,” the agency said. “We take these types of breaches very seriously and will determine how this occurred and who is responsible.”

The New York Times describes two years “as an unusually long time to identify a hacking incident” and cites “the Ponemon Institute, which tracks data breaches,” as explaining “the average time it takes organizations to identify such an attack is 191 days, and the average time to contain a breach is 58 days after discovery.”

If the breach leads to class-action lawsuits, the end result could be significant. A recent report from the Ponemon Institute “found that the costs to remediate a data breach is $221 per stolen record,” notes NYT. “Added up, that would top Yahoo’s $4.8 billion sale price.”

Related:
State-Sponsored Cyberattacks Prompt Debate, The Wall Street Journal, 9/22/16
FAA Advisory Body Recommends Cybersecurity Measures, The Wall Street Journal, 9/22/16
Who Hacked Yahoo? Who Cares!, Bloomberg Gadfly, 9/23/16