For the second time in just four months, Yahoo has announced a massive cyberattack. The first attack, which occurred in 2014, set a record with the breach of 500 million user accounts. But the company now believes that twice as many accounts were compromised in a second data breach.

Search engine conceptAn internal investigation at the search engine company revealed a 2013 attack in which cyber criminals stole approximately 1 billion end user names, email addresses, telephone numbers, and dates of birth. Also stolen were hashed passwords as well as security questions and answers, some of which may have not been encrypted.

Yahoo did not explain why only some account recovery questions and answers were encrypted, but said it does not believe any financial data was stolen in the newly discovered earlier breach.

The news complicates Yahoo ongoing negotiations with Verizon for the $4.8 billion acquisition of Yahoo and could jeopardize the deal if Yahoo’s valuation decreases substantially.

The increasing frequency of data breaches underscores the need for privacy officers and legal counsel to be diligent. Plans should be in place to enable a quick response to unauthorized disclosures of data. Experts recommend collecting and storing only the minimum amount of data and limiting access to data only to those who need it to complete their job functions. An internal privacy policy is essential and keeping abreast of and adhering to industry best security practices can protect against and mitigate the consequences of a data breach.