Yahoo is punishing CEO Marissa Mayer and parting ways with its top lawyer for the mishandling of two security breaches that exposed the personal information of more than 1 billion users and already have cost the company $350 million, the AP reports. Mayer won't be paid her annual bonus nor receive a potentially lucrative stock award because a Yahoo investigation concluded her management team reacted too slowly to one breach discovered in 2014. Yahoo's general counsel, Ronald Bell, resigned without severance pay for his department's lackadaisical response to the security lapses. Although Yahoo's security team uncovered evidence that a hacker backed by an unnamed foreign government had pried into user accounts in 2014, executives "failed to act sufficiently" on that knowledge, according to the results of an internal investigation disclosed Wednesday.
At that time, Yahoo only notified 26 people that their accounts had been breached. The report didn't identify the negligent executives, but it chastised the company's legal department for not looking more deeply into the 2014 breach. Because of that, the incident "was not properly investigated and analyzed at the time," the report concluded. Yahoo didn't disclose the 2014 breach until last September. In a blog post on Yahoo's Tumblr service , Mayer said she didn't learn about the scope of the breaches until September and then tried to set things right. "However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant," Mayer wrote. In its report, Yahoo's board said it decided to withhold a cash bonus that otherwise would have been paid to her. Mayer is eligible to receive a bonus of up to $2 million annually. The board said it accepted Mayer's offer to relinquish her annual stock award, which is typically worth millions of dollars. (More Yahoo stories.)