Yahoo is part of a growing list of companies disclosing past data breaches to the Securities and Exchange Commission, as hackers become more successful in penetrating company firewalls to steal sensitive data.
The internet company reported in September that hackers had stolen data from 500 million users in 2014, making it the 102nd company to disclose such a theft to the SEC, according to data from Audit Analytics. Overall, 17 companies reported breaches to the regulator last year, down from 18 in 2015 and 34 in 2014.
Yahoo also disclosed in December a second breach that occurred in 2013.
The Wall Street Journal reported on Monday that the SEC has opened an investigation into whether Yahoo should have reported the data theft to investors earlier. The SEC requires companies to disclose cybersecurity risks as as soon as they are determined to have a material effect on their businesses.