Senate Democrats on Tuesday asked Yahoo for answers about its handling of the recently revealed data breach that resulted in more than 500 million accounts being compromised by hackers.
In a letter addressed to CEO Marissa Mayer, six lawmakers led by Sen. Patrick Leahy of Vermont said they were “disturbed” that Yahoo only announced on Thursday that the personal information of millions of its users was stolen in a cyber heist that unfolded in late 2014 but wasn’t disclosed until last week.
“That means millions of Americans’ data may have been compromised for two years. This is unacceptable,” the Democrats wrote.
The senators have asked Ms. Mayer to provide them with a detailed timeline that explains when her company learned it had been hacked and how it reacted, as well as information about its efforts to safeguard its users from further attacks on their privacy.
“This is highly sensitive, personal information that hackers can use not only to access Yahoo customer accounts, but also potentially to gain access to any other account or service that users access with similar login or personal information, including bank information and social media profiles,” the letter said.
“This breach is the latest in a series of data breaches that have impacted the privacy of millions of American consumers in recent years, but it is by far the largest. Consumers put their trust in companies when they share personal and sensitive information with them, and they expect all possible steps be taken to protect that information.”
The letter was co-signed by Massachusetts Senators Elizabeth Warren and Edward Markey, as well as colleagues Al Franken of Minnesota, Richard Blumenthal of Connecticut and Oregon’s Ron Wyden.
A spokesperson for Yahoo acknowledge receiving their letter Tuesday and said in a statement the company “will work to respond in a timely and appropriate manner.”
Tech website Motherboard first reported in August that a hacker was selling a significant number of stolen Yahoo data on the dark web, and Recode, another site, said Thursday that Yahoo would confirm that hundreds of millions of accounts had been compromised in a security breach. Yahoo acknowledged later that the records for more than a half-billion accounts was stolen by state-sponsored hackers, but said that breach was likely unrelated to the records that were being offered for sale earlier this summer.
“Conflating the two events is inaccurate,” Yahoo said in statement.
Verizon Communications, the telecom giant slated to acquire Yahoo early next year for $4.8 billion, said it learned of the data breach days prior to Yahoo’s official announcement. Mr. Blumenthal said in a letter of his own last week that federal investigators should consider whether Yahoo purposely concealed details about the hack to inflate its worth.
Another Democrat, Virginia Sen. Mark Warner, has asked the Securities and Exchange Commission to investigate whether Yahoo “fulfilled its obligations under federal securities laws to keep the public and investors informed.”
Mr. Leahy, the lead author of this week’s letter, unsuccessfully proposed legislation last year that sought to codify federal rules and regulations with respect to how and when hacked companies are required to notify customers in the event of a security breach. The five senators who signed their name to Tuesday’s letter are each cosponsors of that bill.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.