Republican senators are concerned about Yahoo's lack of response to the two massive data breaches reported last year. They have given the company CEO Marissa Mayer until February 23 to address unanswered questions about the breaches that made headlines last year.
Senators are losing patience with Yahoo
Senator John Thune (R-S.D.) and Senator Jerry Moran (R-Kan.) said that the CEO has been “unable to provide answers to many basic questions about the reported breaches." Yahoo suffered from unprecedented data breaches in 2013 and 2014 - hacks that compromised 500 million and then over a billion user accounts, respectively.
While the company admitted to the two breaches after signing a deal with Verizon, SEC filing revealed that some employees knew of the breach in 2014 soon after it happened.
According to ArsTechnica, Yahoo also "abruptly" canceled a meeting last month with Senate staff and hasn't rescheduled it. The Republican senators have now set a February 23 deadline for Yahoo to answer lingering questions regarding these breaches.
Senator Thune, who chairs the Senate Commerce Committee, and Senator Moran, who chairs the Consumer Protection and Data Security Subcommittee, sent a letter to Mayer last Friday demanding answers.
The senators' letter seeks answers to the following questions.
1.) With respect to both the 2013 and 2014 incidents, how many users do these incidents affect? Please describe Yahoo!’s efforts to identify and provide notice to these users.
2.) With respect to the aforementioned incidents, what type of data does Yahoo! believe to have been compromised? Does the data include sensitive personal information?
3.) What steps has Yahoo! taken to identify and mitigate potential consumer harm associated with these incidents?
4.) What steps has Yahoo! taken to restore the integrity and enhance the security of its systems in the wake of these incidents?
5.) In addition to answering these questions, please provide a detailed timeline of these incidents, including Yahoo! 2013 initial discovery of a potential compromise of its user information, forensic investigation and subsequent security efforts, notifications to law enforcement agencies, as well as any notification to affected consumers.
Yahoo says the company has received the letter and "will respond as appropriate."
