The Securities and Exchange Commission has opened an investigation into Yahoo’s highly-publicized data breaches and whether the company should have disclosed the massive hacks earlier. “The SEC requires companies to disclose cybersecurity risks as soon as they are determined to have an effect on investors,” reports The Wall Street Journal. Yahoo’s 2014 breach, disclosed in September 2016, involved data from at least 500 million users. In December 2016, the company revealed that more than 1 billion Yahoo user accounts had been breached in 2013. “The SEC has investigated multiple companies over whether they properly disclosed hacks,” notes WSJ, especially after the 2013 Target breach “that compromised up to 70 million credit and debit-card accounts.”