Getting hit with hacks that hacks that affected more than a billion users may have only been the beginning of Yahoo’s troubles. The company is now being investigated by the Securites and Exchange Commission (SEC) over how it responded to the attacks.

According to reports, the SEC is looking into whether the company should have disclosed more information about the attacks to their investors. At issue is the timeliness of Yahoo’s response to two separate hacks. The first, occurring in 2013, consisted of a data breach involving over a billion user accounts. The second took place in 2014 and involved around 500 million accounts.

SEC Requests Documents from Yahoo

The SEC requires companies to disclose information about such data breaches to their investors as soon as they determine that they could potentially have material impacts on the companies' stocks. In December, the agency issued a request for documentation to Yahoo on its reporting process, according to reports.

Although the first breach took place more than three years ago, the company did not begin disclosing the attacks until a few months ago. The SEC will likely be looking into whether Yahoo breached civil securities laws by failing to report the attacks sooner.

The agency originally issued guidance to all publicly held companies in 2011 informing them of the responsibility to report any data breach that could materially affect investors. If the SEC ultimately decides to pursue a case against Yahoo, it will be a major test case for the agency’s new regulations regarding such disclosures.

Threatening the Sale to Verizon

The SEC has already investigated other companies over similar circumstances. For example, the agency has looked into the 2013 data breach of Target Corp, which resulted in the release of information on as many as 70 million credit and debit card accounts. However, in that case, Target disclosed the attack only weeks after it had occurred, and the SEC ultimately decided not to pursue any actions against the company.

The case against Yahoo may prove to be a very different situation, given the considerable amount of time that elapsed between the breaches and their revelations by the company. In September, U.S. Senator Mark Warner, a Virginia Democrat, wrote an open letter to SEC Chairwoman Mary Jo White to look into the breached based on suggestions that Yahoo CEO Marissa Meyer may have known about the attacks as early as July.

The news of the SEC’s investigation is only the latest in a series of negative developments for the Internet company, which is in the middle of a merger with Verizon. The Internet service provider is reportedly trying to cut is agreed-upon price of $4.8 billion deal by $1 billion in the wake of the hacking disclosures.

If the SEC decides to pursue enforcement actions against Yahoo, Verizon might prove even more skittish about the deal, requesting an additional discount or threatening to walk away entirely.