UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

 

FORM 6-K

 

Report of Foreign Private Issuer

Pursuant to Rule 13a-16 or 15d-16 of

the Securities Exchange Act of 1934

 

January 31, 2023

 

YANDEX N.V.

 

Schiphol Boulevard 165

1118 BG, Schiphol, the Netherlands.

Tel: +31 202 066 970

(Address, Including ZIP Code, and Telephone Number,

Including Area Code, of Registrant’s Principal Executive Offices)

 

Indicate by check mark whether the registrant files or will file annual reports under cover of Form 20-F or Form 40-F.

 

Form 20-F x     Form 40-F o

 

Indicate by check mark if the registrant is submitting the Form 6-K in paper as permitted by Regulation S-T Rule 101(b)(1): o

 

Indicate by check mark if the registrant is submitting the Form 6-K in paper as permitted by Regulation S-T Rule 101(b)(7): o

 

 

 


Furnished as Exhibit 99.1 to this Report on Form 6-K is a press release of Yandex N.V. (the “Company”) dated January 31, 2023, providing an update on a cybersecurity incident.


  SIGNATURES

 

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.

 

 

YANDEX N.V.

 

 

 

 

 

 

Date: January 31, 2023

By:

/s/ Svetlana Demyashkevich

 

 

Svetlana Demyashkevich

 

 

Chief Financial Officer

 


INDEX TO EXHIBITS

Exhibit No.

Description

99.1

Press release of Yandex N.V. dated January 31, 2023, providing an update on a cybersecurity incident.


Exhibit 99.1

Yandex comments on cybersecurity incident

January 31, 2023 – Yandex N.V. (NASDAQ: YNDX), the Dutch parent company of the Yandex Group confirms that certain fragments of its program code have been discovered in the public domain. Among the information that was leaked was code relating to a number of Yandex services.

The company is taking this matter extremely seriously and has initiated a thorough investigation into the cause, content and implications of the leak. As of today, Yandex has found no evidence that personal information of its users or the performance of its services have been impacted. The company also notes that the published fragments of the code are outdated and differ from the version currently used by its services, while some of the published fragments were never actually used in operations.

At the same time, the preliminary investigation has surfaced a number of violations of Yandex’s own internal policies in the code, including a violation of Yandex’s Principles and Code of Business Ethics & Conduct. In addition, the investigation has uncovered certain adverse consequences of the company’s Zero Bug Policy (a framework of zero tolerance for bugs, which has been in place in the company for many years), which in some cases led to temporary manual solutions being introduced over automated processes and algorithms to fix an identified problem. Examples include the following:

The code contained the contact details of some service partners, which should have been stored separately. For example, in certain cases, the contacts and license numbers of taxi drivers were transferred from one taxi company to another.
In the Yandex Lavka code, it was possible to manually set up recommendations for any product without clarifying that it was an ad.
Issues were identified in search resulting in part from manual attempts to fix bugs in the service or to resolve problems with the algorithms (e.g., manual improvements of filtering criteria to eliminate inappropriate content such as child pornography, and insulting or offensive remarks).
Some parts of the code contained racial slurs. While they didn’t affect the operation of the relevant services in any way, they were nevertheless deeply offensive and completely unacceptable.


Many of these and other issues which came to light following the code leak have already been fixed or are in the process of being fixed.

The company takes principles such as integrity, transparency, a lack of bias and providing a safe digital environment extremely seriously and acknowledges a failure in management systems and oversight which prevented the issues described above from being prevented or detected earlier.

Based on the results of the investigation, the company will take all possible measures to strengthen its policies and enforce greater effectiveness of its management and oversight systems to ensure such issues are not repeated.

Yandex apologizes to everyone affected by this situation.