Unfortunately , Yahoo did n't , according to a new internal investigation . The internet pioneer , which reported a massive data breach Attack.Databreach involving 500 million user accounts in September , actually knew an intrusion Attack.Databreach had occurred back in 2014 , but allegedly botched its response . The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach , which the company has blamed on a state-sponsored hacker . That breach Attack.Databreach , which only became public last year , involved the theft Attack.Databreach of user account details such as email addresses , telephone numbers , and hashed passwords . After Yahoo went public with it , the company established an independent committee to investigate the matter . The committee found that Yahoo ’ s security team and senior executives actually knew that a state-sponsored actor had hacked certain user accounts back in 2014 , according to the filing . But even as the company took some remedial actions , such as notifying 26 users targeted in the hack and adding new security features , some senior executives allegedly failed to comprehend or investigate the incident further . For instance , in December 2014 , Yahoo 's security team knew the state-sponsored actor had stolen Attack.Databreach copies of backup files that contained users ' personal data . But it 's unclear whether this information was ever `` effectively communicated and understood '' outside the security team , Wednesday 's filing said . No intentional suppression of information was found , although Yahoo 's legal team had enough reason to investigate the breaches further , the committee concluded . `` As a result , the 2014 security Incident was not properly investigated and analyzed at the time , '' the filing said . It was only about two years later when Yahoo publicly disclosed the breach . That came after a stolen database from the company allegedly went up Attack.Databreach for sale on the black market . However , after Yahoo disclosed the breach Attack.Databreach , a few months later , the company learned of an even bigger hack Attack.Databreach that involved 1 billion Yahoo user accounts and further rocked the company 's reputation . That breach Attack.Databreach originally occurred in August 2013 but wasn ’ t noticed until law enforcement provided Yahoo with a copy of the stolen data last November . According to Wednesday 's filing , Yahoo still hasn ’ t learned how this data was stolen Attack.Databreach , although it appears to be separate from the 2014 breach . In addition , the company has been investigating an another incident involving a hacker forging cookies as a way to break into user accounts . Wednesday 's filing said that about 32 million user accounts were affected .