Irish data regulator steps up Yahoo hack probe, waits on email scanning

LONDON (Reuters) - Ireland's Data Protection Commissioner (DPC) said it had stepped up its examination of the theft of user information for 500 million Yahoo Inc YHOO.O accounts and that it was awaiting information from Yahoo on allegations it helped the U.S. government scan users' emails.

A tattered flag bearing the Yahoo company logo flies above a building in New York, U.S., October 31, 2016. REUTERS/Lucas Jackson

Yahoo revealed in September that hackers had stolen the data in 2014. U.S. politicians have criticized the delay in notifying customers.

In October, sources told Reuters that Yahoo used a software program to sift through millions of emails for specific information related to national security.

Yahoo said there was not yet a formal investigation into the hacking of user data.

“They are not actively investigating,” spokesman Charles Stewart said.

“They are examining. There is a distinction for them between examining and investigating,” he added

DPC spokeswoman MB Donnelly said the DPC had moved on from its initial steps of making preliminary inquiries to trying to ascertain whether EU laws may have been broken.

“We are in regular contact with Yahoo EMEA (Europe, Middle East and Africa) in clarifying certain facts of this case and will then proceed to take appropriate next steps,” she said in a statement.

The DPC is the lead European regulator on privacy issues for Yahoo because the company’s European headquarters are in Dublin.

Donnelly said the probe of the email scanning program was at its early stages.

“Regarding the allegations of email scanning, our position remains that we have made initial enquiries with Yahoo and that we are continuing with our preliminary assessment of the matter,” she said in an emailed statement.

The DPC declined to say if it had received any information from Yahoo about the incident.

Stewart said the DPC had indicated to Yahoo that it was not examining the email scanning program.

“Based on what I have heard from them and read, they are not, but I can’t confirm that,” he told Reuters.

The DPC declined to comment on this remark.

Yahoo is precluded by law from publishing details of the surveillance order the company had received from the U.S. authorities.

Last month the company asked U.S. Director of National Intelligence James Clapper to declassify the order so it could provide users with more information.

Reporting by Tom Bergin; Editing by David Clarke and Mark Potter