Six Democratic senators are demanding answers from Yahoo CEO Marissa Mayer about the massive data breach that the company disclosed last week. The legislators want to know when Yahoo discovered the breach, which occurred in 2014, and why it took so long to disclose it to the public.
The Yahoo data breach involves information from approximately 500 million users, which was taken during an intrusion into the company’s network two years ago. Yahoo officials only discovered the compromise this summer, after reports of a separate breach began circulating online. Company officials say those reports have proven false, but during the investigation the Yahoo security team discovered evidence that pointed them to the 2014 breach.
Data stolen during the compromise includes dates of birth, email addresses, encrypted passwords, and plaintext security questions and answers. Yahoo security officials say no payment card or bank account data was taken, but the senators who sent the letter to Mayer say that the delay in notifying users of the breach is “unacceptable”.
“Millions of Americans’ data may have been compromised for two years. This is unacceptable.”
“The stolen data included usernames, passwords, email addresses, telephone numbers, dates of birth, and security questions and answers. This is highly sensitive, personal information that hackers can use not only to access Yahoo customer accounts, but also potentially to gain access to any other account or service that users access with similar login or personal information, including bank information and social media profiles,” the letter says.
“We are even more disturbed that user information was first compromised in 2014, yet the company only announced the breach last week. That means millions of Americans’ data may have been compromised for two years. This is unacceptable.”
Among the questions in the letter, which was signed by Sens. Patrick Leahy, Ron Wyden, Elizabeth Warren, Al Franken, Edward Markey, and Richard Blumenthal, are when Yahoo learned of the breach and how. The lawmakers also asked Mayer why it took so long for the compromise to be discovered. Interestingly, the senators also asked Mayer whether anyone in the federal government alerted the company to the attack.
“Did anyone in the U.S. government warn Yahoo of a possible hacking attempt by state-sponsored hackers or other bad actors? When was this warning issued?” the letter says.