Four decisions made on May 12 — and what each one cost

Every calendar date carries its own archaeology. Dig into May 12 and you find four decisions — spread across seven decades, two continents, and three industries — that each carried the same hidden assumption: that control over the outcome would remain with the people making the call.

It rarely did.

On May 12, 2015, Verizon Communications announced it would acquire AOL for $4.4 billion in cash, paying $50 per share.1 The pitch was reasonable on its face: AOL had spent years rebuilding around a programmatic advertising platform and owned media properties including HuffPost, TechCrunch, and Engadget. Verizon, for its part, sat on an extraordinary trove of subscriber location and behavioral data. Put the two together, the thinking went, and you had a machine that could compete with Google and Facebook in digital advertising.

Susan Bidel, a Forrester Research analyst, captured the logic at the time: "Verizon has a tremendous amount of data. It knows who you are and where you are."1

The deal closed June 23, 2015. Two years later, Verizon folded AOL into Yahoo — which it had also acquired for $4.48 billion — and called the combined unit "Oath." By December 2018, Verizon wrote down Oath's goodwill by $4.6 billion, a figure that almost exactly erased the original AOL purchase price. In 2021, it sold the whole thing to Apollo Global Management for $5 billion, a fraction of the $9 billion it had spent across both deals.

The lesson isn't that programmatic advertising — the technology for automated, data-targeted ad buying — is a bad business. Data from telecom subscribers and data from digital advertisers simply aren't interchangeable assets. Owning both doesn't mean you can synthesize them — especially when the architecture, incentives, and talent needed to do so belong to neither company's core.

Seventeen years before the Verizon announcement, and on the same calendar date, SBC Communications unveiled a deal that dwarfed almost everything that had come before it.2 On May 12, 1998, SBC said it would acquire Ameritech Corp. for what was then the largest merger in telecommunications history — $62 billion in stock. The combined company would control roughly 52 million local phone lines across 13 states, about one third of all U.S. lines.

The context was the 1996 Telecommunications Act, which had theoretically opened local phone markets to competition. SBC and Ameritech argued that consolidation would accelerate the build-out of broadband and sharpen their ability to compete against the cable companies. Ameritech CEO Richard Notebaert framed it with characteristic bluntness: "We like to think of this as Viagra for competition."2

FCC Chairman William Kennard was less enthusiastic: "SBC and Ameritech must show us that this merger will serve the public interest and enhance competition."2

The deal closed in October 1999. SBC then acquired AT&T Corp. for $16 billion in 2005 and adopted the AT&T name. By then, it controlled enough of the national telephone infrastructure that critics described the outcome plainly: the pre-1984 Bell System breakup had been substantially undone.

The strategic dilemma that ran through SBC/Ameritech still surfaces regularly in regulated industries — the moment a competitive environment shifts, the logic for the original structural separation can unravel faster than regulators anticipated. The merger that "promotes competition" is often the one that ends it.

At 07:44 UTC on May 12, 2017, ransomware began spreading across Asia.3 Within hours, it had infected more than 300,000 computers in 150 countries. The UK's National Health Service was among the hardest hit — 70,000 devices locked, surgeries cancelled, ambulances diverted. Spain's Telefónica, FedEx, Nissan's UK plant, and Deutsche Bahn all reported disruptions. Total estimated losses reached $4 billion.

The malware, WannaCry, exploited a Windows vulnerability called EternalBlue. The exploit had been developed by the U.S. National Security Agency and was stolen from NSA servers in 2016 by a group calling itself Shadow Brokers. Microsoft had issued a patch in March 2017, but millions of machines — particularly in hospitals and infrastructure operators running older, un-updated systems — remained unprotected.

Microsoft President Brad Smith put it directly: "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."3

The attack was stopped the same day by Marcus Hutchins, a 22-year-old British security researcher who noticed the malware checked a dormant domain before executing. He registered it for $10.69. The worm stopped spreading at 15:03 UTC.

In December 2017, the U.S. and UK governments attributed the attack to North Korea's Lazarus Group.

Image from: Wikipedia: WannaCry ransomware attack

For any organization running critical infrastructure, the WannaCry lesson is structural: the patch cycle is a security decision, not an IT housekeeping task. And for policymakers: the decision to stockpile a vulnerability rather than disclose it to the vendor transfers risk to every organization running that software. Once the exploit leaks, the stockpiler no longer controls who gets hurt.

A year before WannaCry, and also on May 12, Apple announced an investment that broke its own pattern. For a company that had spent decades generating returns through product margins rather than financial stakes, a $1 billion investment in a Chinese ride-hailing startup was unusual.4 Didi Chuxing, Uber's dominant rival in China, called it "the single largest investment it has ever received."

Tim Cook's public rationale was deliberate in its modesty: "We are making the investment for a number of strategic reasons, including a chance to learn more about certain segments of the China market. Of course, we believe it will deliver a strong return for our invested capital over time as well."4

The market intelligence rationale proved well-founded: Didi did win the China ride-hailing war. Uber sold its China operations to Didi in August 2016, just three months after Apple's investment. But the financial logic unraveled more slowly. Didi went public on the NYSE in June 2021 at a $68 billion valuation — then, within days, Chinese regulators launched an investigation and forced the app off domestic app stores. Didi delisted from the NYSE in 2022.

Apple's $1 billion stake, once worth multiples of its entry price, almost certainly sustained significant write-downs through that sequence.

The decision pattern here — using a financial investment primarily as a market intelligence instrument — is common among large technology companies operating in markets they can't enter directly. It works best when the political environment remains stable and the exit options are clear. Neither condition held in this case. "Learning bets" in markets where the rules can change by regulatory decree require something Cook's stated rationale didn't include: an explicit plan for what happens when the learning stops paying.