US senators accuse Yahoo of unacceptable delay in hack discovery

  • TECH
  • Wednesday, 28 Sep 2016

In the hot seat: A Yahoo spokesman said the company would respond in a timely and appropriate manner to the letter.

WASHINGTON: Six US senators demanded that Yahoo Inc explain why hackers' theft of user information for 500 million accounts two years ago came to light only last week and called the company's handling of the breach "unacceptable."

The lawmakers, all Democrats, said they were "disturbed" that the 2014 intrusion, which was disclosed by the company on Thursday, was detected so long after it occurred.

"That means millions of Americans’ data may have been compromised for two years," the senators wrote in a letter to Yahoo chief executive Marissa Mayer. "This is unacceptable."

A Yahoo spokesman said the company would respond in a "timely and appropriate manner" to the letter, which was signed by Senators Patrick Leahy, Al Franken, Elizabeth Warren, Richard Blumenthal, Ron Wyden and Edward Markey.

The top US stock market regulator said separately that prompt disclosure by companies of "cyber events" is a priority. Securities and Exchange Commission Chair Mary Jo White, asked about Yahoo, said she could not comment specifically on it.

She earlier said at a conference that SEC examiners in recent months have been checking that companies comply with 2011 agency guidance stressing the need to disclose hacks.

Yahoo has faced mounting questions about exactly when it knew about the 2014 cyberattack that exposed the e-mail credentials of users, a critical issue for the company as it seeks to prevent the breach from affecting a pending takeover of its core business by Verizon Inc.

The Internet firm has said it detected the breach this summer after conducting a security review prompted by an unrelated hacking claim that turned out to be meritless. Yahoo has not given a precise timeline explaining when it was made aware of the 2014 attack, or if it knew of the breach before announcing the deal with Verizon in late July.

In a Senate hearing on Tuesday, Federal Trade Commission Chairwoman Edith Ramirez said her agency supported quick disclosures although she declined to say if the FTC was investigating Yahoo.

"In our view, approximately 30 to 60 days (after a breach is discovered) might be appropriate," she told the Senate Commerce Committee. "It is necessary for consumers to be notified so they can take appropriate steps to protect themselves."

In their letter, the senators requested Yahoo brief them on the company's investigation, cooperation with authorities and plans to protect affected users.

The senators asked Mayer for a timeline of the hack and discovery as well as Yahoo's steps to prevent another breach.

The letter came a day after Democratic Senator Mark Warner asked the US Securities and Exchange Commission to investigate whether Yahoo and its senior executives fulfilled obligations to inform investors and the public about the hacking attack, which Yahoo has blamed on a "state-sponsored actor."

The SEC has guidance for companies on reporting hacks, but companies that have experienced breaches often omit details from regulatory filings, a 2012 Reuters investigation found. —  Reuters

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

Did you find this article insightful?


Next In Tech News

Polish e-commerce group Allegro to pilot own parcel lockers
Jeff Bezos called upon to save thousands of stranded seafarers
China’s ‘wild era’ of Internet may be ending as new personal data protection law seeks to curb Big Tech’s control over user data
Can you beat a virtual Beth Harmon from ‘The Queen’s Gambit’ in a game of chess?
Madonna is trending on Twitter after fans mistakenly thought she died instead of Maradona
Scammers targeting i-Sinar applicants with fake mobile apps
Mexico moves to stem unauthorised sharing of sexual images online
South Korean chat room operator gets 40 years for ‘sextortion’, blackmail
WeRide robotaxis gain loyal passengers but fixed pick-up, drop-off spots irk some, survey shows
A different ‘super spreader’: Facebook struggles with election disinfo

Stories You'll Enjoy