Yahoo is facing a probe by the Securities and Exchange Commission over how it handled the disclosure of two massive data breaches. A source familiar with the matter told The Wall Street Journal the investigation will likely focus on a 2014 cyberattack that saw the personal data of 500 million users released. The company disclosed that breach only in September 2016, which may have violated civil securities laws, the report said. The investigation will also cover a 2013 breach that was only announced last December. While the SEC issued guidelines in 2011 calling for companies to disclose any security breaches, the guidelines did not specify a timeframe, meaning the Yahoo case could set a precedent and provide clarification.