On July 25, Verizon announced plans to buy once-mighty internet company Yahoo for $4.8 billion. Yesterday, Yahoo announced that it has been the victim of a hacking attack that compromised at least 500 million users.
Depending on what Yahoo executives knew and when they knew it, the deal itself — essentially a lifeboat for a business Microsoft offered $45 billion for in 2008 — could be in jeopardy.
The hack is likely to bring Verizon back to the negotiating table for some adjustments and could even give the telecom conglomerate an escape hatch.
The July 23 merger agreement included a section where Yahoo claimed that, to its knowledge, there had been no security breach or loss, theft or unauthorized access to its data. If Yahoo knew about this hack before July 23 — and the company admitted on Sept. 22 that it happened in 2014 — that would be a breach of Yahoo’s representation to Verizon and could allow the buyer to nix the whole thing.
One dealmaker told TheWrap if he was on the Verizon board, he’d take that opportunity.
“This is not a retailer like Target getting hacked,”said a veteran private equity executive, who requested anonymity because he is actively working on deals and isn’t authorized to speak publicly. “It’s their core business.”
“It’s a data company,” he continued. “If they can’t f—ing protect their data, why does anyone want to buy it?”
Andrew Apfelberg, a partner at Greenberg Glusker who specializes in mergers and acquisitions, told TheWrap that while he certainly expects Verizon to make some changes to the deal — he suggested holding back some of the proceeds to be released at a later date — he believes Verizon’s ultimate posture will depend on why, exactly, they bought Yahoo. He did say he was surprised the hack didn’t come up in the due diligence process.
If it was mostly about the search engine or content, Apfelberg said the breach wouldn’t have been as big a deal as it would be if Verizon was mainly interested in Yahoo’s email users.
“Depending on what their buying proposition is will determine the extent of the impact,” Apfelberg said. “If they weren’t planning on email users being a big part of the business — OK, maybe we restructure. But if that was their core buying proposition, then you’re probably looking more along the lines of a significant valuation adjustment.”
“If customers completely lost their faith in the security of it and stopped using the email, the asset’s not worth as much,” he continued.
But assuming Yahoo’s email was not the main reason Verizon bought the company, Apfelberg said the hack could be thought of as a contingent liability — a potential liability that may or may not occur depending on a future event, and whose cost can be realistically estimated. In that case, there are likely to be small pricing or deal structure adjustments — but nobody would be blowing up the deal.
“In some respects, it’s a contingent liability,” Apfelberg said. “It just happens to be really freaking big.”
Apfelberg called the hack “a major PR issue” for Yahoo that is certain to result “in a bunch of pissed off customers.” Sophisticated buyers like Verizon often see themselves as part of the solution, Apfelberg noted, so Yahoo’s embattled email business could just be another thing Verizon could add value to.
“Waiting two years — that’s what gets me pissed,” Apfelberg said, mentioning that he changed one of his Yahoo passwords just that morning. “But remember, buyers are often overconfident in their ability to fix problems.”