After a board investigation of the 2014 theft of information on over 500 million user accounts.

U.S. tech giant Yahoo’s top lawyer, Ronald S. Bell, has resigned and its CEO Marissa Mayer lost her 2016 bonus after a board investigation of the 2014 theft of information on over 500 million user accounts, the media reported.

Senior executives, company lawyers and information security staff were aware of the hack and also knew about subsequent attempts to break into the affected accounts in 2015 and 2016 but failed to “properly comprehend or investigate” the situation, Yahoo’s board of directors said in a securities filing on Wednesday.

The board “did not conclude that there was an intentional suppression of relevant information,” The New York Times reported.

He will get no payments

Mr. Bell, a long-time lawyer at Yahoo, resigned on Wednesday and would receive no payments in connection with his departure, the company said. He “appeared to be taking the blame for the company’s security failures.”

The company’s chief information security officer at the time of the 2014 breach, Alex Stamos, left for Facebook in 2015 after repeated battles with Ms. Mayer over security priorities.

The hackers, which Yahoo believes were connected to a foreign government, used the stolen information to forge a type of software called a “cookie” that could be used to access 32 million Yahoo accounts, the company said.

She knew it only last year

Ms. Mayer, who will also give up her 2017 equity compensation in connection with the incident, said she did not learn of the breach until September 2016, the daily said.

“However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year,” she wrote.

Under Ms. Mayer’s employment agreement, her annual target bonus is $2 million and her annual stock award is supposed to be no less than $12 million a year. Her base salary is $1 million a year.

Yahoo said it had revised its procedures for responding to cybersecurity incidents, including the reporting of such incidents to senior executives and the board.

$16 million losses

The company has incurred $16 million in direct costs so far related to the breaches, the daily added.