Whilst Verizon may have "conducted brand studies and found that Yahoo's reputation was holding up after the hacks", the fact is that the parties have agreed to knock a whopping $350 million off of the deal value.
The eye-watering fines that will be on the cards under GDPR from May 2018 have generated a lot of press and have, frankly, resulted in a fair amount of scare-mongering (€20 million or 4% of global turnover, if you needed reminding).
However, the reality is that the largest 'cost' to a business following a security or data breach is usually operational and reputational (and usually by quite some margin). The aftermaths of a breach can be crippling and expensive, with the attention of key stakeholders and frontline resources (both internal and external) diverted towards investigations and remedial/recovery projects, not to mention conversations with regulators and affected individuals.
Remember Sony's staff using pens and paper for days and weeks on end? Or Talk Talk's lost 100,000 customers? Verizon's $350 million price chip and 50:50 division of future regulatory liability is yet another readily quantifiable example of the potential impact of a data breach.
The closing of the deal, which was first announced in July, had been delayed as the companies assessed the fallout from two data breaches that Yahoo disclosed last year.