The WP29 (Group of the EU data protection authorities) has sent a letter to Yahoo following the announcement by its Privacy Officer on September 22 of a massive security breach concerning more than 500 million users including many EU citizens.
The WP29 has requested further information about how Yahoo handled the security breach, more particularly the steps taken to inform the users of the consequences of such a security breach.
The WP29 is also concerned by the scan of users’ emails for US intelligence purpose and has requested explanations regarding the compliance of this surveillance activity with the EU data protection rules.
If the Data Protection authorities are not satisfied with Yahoo answer, they may take enforcement action against Yahoo.
You can see the letter here