About Us

We work collaboratively with our clients to build strong, sustainable relationships. Our team is committed to delivering consistent high standards of service, and we understand the importance of accessibility. Working with us, you'll enjoy open communication, meaning well scoped, properly resourced and effectively managed matters.

Learn More

Latest Case

Assisting on whole of government technology agreements November 2, 2017

Maddocks advised the Commonwealth Government’s Digital Transformation Agency (DTA) on its whole of government purchasing agreement with SAP. The DTA was set up in 2015 to assist government departments and agencies with digital transformation and … Continued

Latest News

Construction and Projects special counsel joins Maddocks January 17, 2018

17 January 2018 Maddocks has appointed Sefton Warner as a special counsel in the firm’s Construction and Projects team. Sefton brings to Maddocks extensive front-end construction projects experience, having worked on a number of major … Continued

Latest Article

2017: In Review – The biggest tech trends and events of the year January 17, 2018

2017 has been another frenetic and significant year for the technology sector. In keeping with Commvault and Maddocks’ joint mission to deliver you practical guidance, our end of year wrap-up highlights the most significant technology … Continued

Potential fallout from Yahoo’s data breach cooee: how cyber security can affect M&A transactions

Monday 31 October 2016

Earlier this year, Yahoo Inc. (Yahoo) publicly revealed that personal information from at least 500 million user accounts was stolen by hackers.

Surprisingly, the data breach may have happened as far back as the end of 2014. Yahoo was placed in the invidious position of having to recommend that all ‘potentially’ affected users change their passwords, especially if they had not done so since 2014.

The revelation has been problematic for Yahoo to say the least. Yahoo’s reputation and brand has suffered a significant blow, adding to the company’s woes of flagging users, traffic and ad revenue.

Adverse impacts of this nature are largely expected following data breaches of high-profile companies. But what was less expected was the news that the breach’s revelation has the potential to derail a major acquisition of Yahoo.

On 25 July 2016, Verizon Communications Inc. (Verizon) agreed to buy Yahoo’s web assets for USD $4.83 billion. However, following news of the breach, Verizon has stated it has a reasonable basis to believe the data breach represents a material impact that could allow Verizon to withdraw from the deal.

These developments highlight key issues to consider during the ongoing management of a business –  irrespective of whether the business is IT-related or otherwise. Equally, Yahoo’s data breach cooee reminds us that cyber security should be a consideration during M&A transactions.

Cyber security considerations for buyers

If you are looking to, or are in the process of, purchasing the assets or shares of another business or company, it would be prudent to consider whether cyber security may be an important component of the deal.

If cyber security is a key consideration for you, you might want to think about including the ability to pull out of the deal if there is a cyber security breach in the run-up to completion.

Equally, you need to consider whether you have appropriate warranties or insurance in place, in the event an adverse cyber security revelation comes to light after completion.

Cyber security considerations for sellers, or potential sellers

Yahoo’s woes are equally illustrative for businesses or companies considering entering into a M&A transaction as sellers in the near or long term.

Cyber security should not be a reactive consideration. Instituting cyber security precautions is essential for the proper management of an internet connected business.

It is claimed Yahoo CEO Marissa Mayer’s handling of cyber security issues in 2014 drove one information security head away from Yahoo to Facebook Inc., following a failed attempt to get Yahoo’s management to take a more aggressive approach to cyber security.

In previous articles, Maddocks has discussed the importance of instituting proper cyber security practices, especially if you are a director and subject to the obligations under the Corporations Act 2001 or Commonwealth entity official or Commonwealth company director.

So whether you’re the head of an IT related business, or merely hold personal information of your customers, you should always consider introducing proper cyber security precautions.

To reveal or not to reveal?

Yahoo’s decision to reveal the hack also raises the issue of whether Australian organisations should be legally compelled to disclose cyber security breaches. Currently in Australia, there are no laws compelling the disclosure of such breaches.

However, the situation is likely to change in the short term. On 19 October 2016, the Privacy Amendment (Notifiable Data Breaches) Bill 2016 was introduced to Parliament. If enacted, the Bill would force agencies, organisations and certain other entities to provide notice to the Australian Information Commissioner and affected individuals of eligible data breaches.

As always, Maddocks will continue to monitor these and other cyber security developments.

 

Author:
Rafael Perez 5cm 300ppi BW JPEG 2015 Rafael Perez | Lawyer
61 3 9258 3335
rafael.perez@maddocks.com.au

Monday 31 October 2016

Earlier this year, Yahoo Inc. (Yahoo) publicly revealed that personal information from at least 500 million user accounts was stolen by hackers.

Surprisingly, the data breach may have happened as far back as the end of 2014. Yahoo was placed in the invidious position of having to recommend that all ‘potentially’ affected users change their passwords, especially if they had not done so since 2014.

The revelation has been problematic for Yahoo to say the least. Yahoo’s reputation and brand has suffered a significant blow, adding to the company’s woes of flagging users, traffic and ad revenue.

Adverse impacts of this nature are largely expected following data breaches of high-profile companies. But what was less expected was the news that the breach’s revelation has the potential to derail a major acquisition of Yahoo.

On 25 July 2016, Verizon Communications Inc. (Verizon) agreed to buy Yahoo’s web assets for USD $4.83 billion. However, following news of the breach, Verizon has stated it has a reasonable basis to believe the data breach represents a material impact that could allow Verizon to withdraw from the deal.

These developments highlight key issues to consider during the ongoing management of a business –  irrespective of whether the business is IT-related or otherwise. Equally, Yahoo’s data breach cooee reminds us that cyber security should be a consideration during M&A transactions.

Cyber security considerations for buyers

If you are looking to, or are in the process of, purchasing the assets or shares of another business or company, it would be prudent to consider whether cyber security may be an important component of the deal.

If cyber security is a key consideration for you, you might want to think about including the ability to pull out of the deal if there is a cyber security breach in the run-up to completion.

Equally, you need to consider whether you have appropriate warranties or insurance in place, in the event an adverse cyber security revelation comes to light after completion.

Cyber security considerations for sellers, or potential sellers

Yahoo’s woes are equally illustrative for businesses or companies considering entering into a M&A transaction as sellers in the near or long term.

Cyber security should not be a reactive consideration. Instituting cyber security precautions is essential for the proper management of an internet connected business.

It is claimed Yahoo CEO Marissa Mayer’s handling of cyber security issues in 2014 drove one information security head away from Yahoo to Facebook Inc., following a failed attempt to get Yahoo’s management to take a more aggressive approach to cyber security.

In previous articles, Maddocks has discussed the importance of instituting proper cyber security practices, especially if you are a director and subject to the obligations under the Corporations Act 2001 or Commonwealth entity official or Commonwealth company director.

So whether you’re the head of an IT related business, or merely hold personal information of your customers, you should always consider introducing proper cyber security precautions.

To reveal or not to reveal?

Yahoo’s decision to reveal the hack also raises the issue of whether Australian organisations should be legally compelled to disclose cyber security breaches. Currently in Australia, there are no laws compelling the disclosure of such breaches.

However, the situation is likely to change in the short term. On 19 October 2016, the Privacy Amendment (Notifiable Data Breaches) Bill 2016 was introduced to Parliament. If enacted, the Bill would force agencies, organisations and certain other entities to provide notice to the Australian Information Commissioner and affected individuals of eligible data breaches.

As always, Maddocks will continue to monitor these and other cyber security developments.

 

Author:
Rafael Perez 5cm 300ppi BW JPEG 2015 Rafael Perez | Lawyer
61 3 9258 3335
rafael.perez@maddocks.com.au