Yahoo's delay in reporting hack 'unacceptable,' say senators

The lawmakers asked how it took two years to discover the "large intrusion".

Six senior senators have said Yahoo's two-year delay in reporting the largest known data breach in history is "unacceptable".

The letter, obtained by the Reuters news agency, asked Yahoo Chief Executive Marissa Mayer to explain why the massive hack of more than 500 million accounts wasn't reported two years ago when the breach occurred.

INVESTIGATION

More "mega breaches" to come, as rival hackers vie for sales

Despite some success, patience and trust is now fading.

Read More

Yahoo said last week that the company had suffered a huge data breach in 2014. The company blamed state-sponsored actors for the attack, but it didn't go into specifics.

It came after a separate data breach in 2012 from a seller named Peace, which was instrumental in the LinkedIn hack. Yahoo was said to be investigating the breach in August, but it instead found evidence of a secondary breach.

The senators said they were "disturbed" that a breach of that size wasn't noticed at the time.

"That means millions of Americans' data may have been compromised for two years. This is unacceptable. This breach is the latest in a series of data breaches that have impacted the privacy of millions of American consumers in recent years, but it is by far the largest," the letter wrote.

Sens. Patrick Leahy, Al Franken, Elizabeth Warren, Richard Blumenthal, Roy Wyden, and Edward Markey signed the letter, dated Tuesday.

The senators also requested a briefing to senate staffers on its incident response and how it intends to protect affected users.

Yahoo said in a statement: "We have received the letter and will work to respond in a timely and appropriate manner."

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All