About Us

We work collaboratively with our clients to build strong, sustainable relationships. Our team is committed to delivering consistent high standards of service, and we understand the importance of accessibility. Working with us, you'll enjoy open communication, meaning well scoped, properly resourced and effectively managed matters.

Learn More

Latest Case

Providing innovative procurement solutions for local government projects April 20, 2018

We advised City of Casey on the procurement process of the Bunjil Place Project. Bunjil Place is a $125 million civic and cultural precinct for the City of Casey, encompassing an 800-seat theatre and 200-seat … Continued

Latest News

In good hands: Maddocks advises on physio business acquisition April 11, 2018

Wednesday 11 April 2018 Maddocks has advised Zenitas Healthcare Limited on its acquisition of the Agewell Physiotherapy business. Agewell is a mobile physiotherapy provider servicing residential aged care facilities, retirement villages and communities in New … Continued

Latest Article

The right to use plans prepared by a design consultant: the devil is in the detail April 11, 2018

When a design consultant (such as an architect or engineer) brings their plans or designs into material form, copyright will usually subsist in those documents as an artistic work. The designer owns that copyright unless … Continued

Potential fallout from Yahoo’s data breach cooee: how cyber security can affect M&A transactions

Monday 31 October 2016

Earlier this year, Yahoo Inc. (Yahoo) publicly revealed that personal information from at least 500 million user accounts was stolen by hackers.

Surprisingly, the data breach may have happened as far back as the end of 2014. Yahoo was placed in the invidious position of having to recommend that all ‘potentially’ affected users change their passwords, especially if they had not done so since 2014.

The revelation has been problematic for Yahoo to say the least. Yahoo’s reputation and brand has suffered a significant blow, adding to the company’s woes of flagging users, traffic and ad revenue.

Adverse impacts of this nature are largely expected following data breaches of high-profile companies. But what was less expected was the news that the breach’s revelation has the potential to derail a major acquisition of Yahoo.

On 25 July 2016, Verizon Communications Inc. (Verizon) agreed to buy Yahoo’s web assets for USD $4.83 billion. However, following news of the breach, Verizon has stated it has a reasonable basis to believe the data breach represents a material impact that could allow Verizon to withdraw from the deal.

These developments highlight key issues to consider during the ongoing management of a business –  irrespective of whether the business is IT-related or otherwise. Equally, Yahoo’s data breach cooee reminds us that cyber security should be a consideration during M&A transactions.

Cyber security considerations for buyers

If you are looking to, or are in the process of, purchasing the assets or shares of another business or company, it would be prudent to consider whether cyber security may be an important component of the deal.

If cyber security is a key consideration for you, you might want to think about including the ability to pull out of the deal if there is a cyber security breach in the run-up to completion.

Equally, you need to consider whether you have appropriate warranties or insurance in place, in the event an adverse cyber security revelation comes to light after completion.

Cyber security considerations for sellers, or potential sellers

Yahoo’s woes are equally illustrative for businesses or companies considering entering into a M&A transaction as sellers in the near or long term.

Cyber security should not be a reactive consideration. Instituting cyber security precautions is essential for the proper management of an internet connected business.

It is claimed Yahoo CEO Marissa Mayer’s handling of cyber security issues in 2014 drove one information security head away from Yahoo to Facebook Inc., following a failed attempt to get Yahoo’s management to take a more aggressive approach to cyber security.

In previous articles, Maddocks has discussed the importance of instituting proper cyber security practices, especially if you are a director and subject to the obligations under the Corporations Act 2001 or Commonwealth entity official or Commonwealth company director.

So whether you’re the head of an IT related business, or merely hold personal information of your customers, you should always consider introducing proper cyber security precautions.

To reveal or not to reveal?

Yahoo’s decision to reveal the hack also raises the issue of whether Australian organisations should be legally compelled to disclose cyber security breaches. Currently in Australia, there are no laws compelling the disclosure of such breaches.

However, the situation is likely to change in the short term. On 19 October 2016, the Privacy Amendment (Notifiable Data Breaches) Bill 2016 was introduced to Parliament. If enacted, the Bill would force agencies, organisations and certain other entities to provide notice to the Australian Information Commissioner and affected individuals of eligible data breaches.

As always, Maddocks will continue to monitor these and other cyber security developments.

 

Author:
Rafael Perez 5cm 300ppi BW JPEG 2015 Rafael Perez | Lawyer
61 3 9258 3335
rafael.perez@maddocks.com.au

Monday 31 October 2016

Earlier this year, Yahoo Inc. (Yahoo) publicly revealed that personal information from at least 500 million user accounts was stolen by hackers.

Surprisingly, the data breach may have happened as far back as the end of 2014. Yahoo was placed in the invidious position of having to recommend that all ‘potentially’ affected users change their passwords, especially if they had not done so since 2014.

The revelation has been problematic for Yahoo to say the least. Yahoo’s reputation and brand has suffered a significant blow, adding to the company’s woes of flagging users, traffic and ad revenue.

Adverse impacts of this nature are largely expected following data breaches of high-profile companies. But what was less expected was the news that the breach’s revelation has the potential to derail a major acquisition of Yahoo.

On 25 July 2016, Verizon Communications Inc. (Verizon) agreed to buy Yahoo’s web assets for USD $4.83 billion. However, following news of the breach, Verizon has stated it has a reasonable basis to believe the data breach represents a material impact that could allow Verizon to withdraw from the deal.

These developments highlight key issues to consider during the ongoing management of a business –  irrespective of whether the business is IT-related or otherwise. Equally, Yahoo’s data breach cooee reminds us that cyber security should be a consideration during M&A transactions.

Cyber security considerations for buyers

If you are looking to, or are in the process of, purchasing the assets or shares of another business or company, it would be prudent to consider whether cyber security may be an important component of the deal.

If cyber security is a key consideration for you, you might want to think about including the ability to pull out of the deal if there is a cyber security breach in the run-up to completion.

Equally, you need to consider whether you have appropriate warranties or insurance in place, in the event an adverse cyber security revelation comes to light after completion.

Cyber security considerations for sellers, or potential sellers

Yahoo’s woes are equally illustrative for businesses or companies considering entering into a M&A transaction as sellers in the near or long term.

Cyber security should not be a reactive consideration. Instituting cyber security precautions is essential for the proper management of an internet connected business.

It is claimed Yahoo CEO Marissa Mayer’s handling of cyber security issues in 2014 drove one information security head away from Yahoo to Facebook Inc., following a failed attempt to get Yahoo’s management to take a more aggressive approach to cyber security.

In previous articles, Maddocks has discussed the importance of instituting proper cyber security practices, especially if you are a director and subject to the obligations under the Corporations Act 2001 or Commonwealth entity official or Commonwealth company director.

So whether you’re the head of an IT related business, or merely hold personal information of your customers, you should always consider introducing proper cyber security precautions.

To reveal or not to reveal?

Yahoo’s decision to reveal the hack also raises the issue of whether Australian organisations should be legally compelled to disclose cyber security breaches. Currently in Australia, there are no laws compelling the disclosure of such breaches.

However, the situation is likely to change in the short term. On 19 October 2016, the Privacy Amendment (Notifiable Data Breaches) Bill 2016 was introduced to Parliament. If enacted, the Bill would force agencies, organisations and certain other entities to provide notice to the Australian Information Commissioner and affected individuals of eligible data breaches.

As always, Maddocks will continue to monitor these and other cyber security developments.

 

Author:
Rafael Perez 5cm 300ppi BW JPEG 2015 Rafael Perez | Lawyer
61 3 9258 3335
rafael.perez@maddocks.com.au