Former Yahoo and Equifax bosses stumbled through a Wednesday hearing before the Senate Commerce Committee without answering basic questions about their respective massive data breaches, much to the chagrin of questioning lawmakers.
She also wasn't able to say who was to blame for the attack, or why it took three years to learn of the breach.
What makes the Yahoo affair more confusing is that months before the disclosure, the company admitted it had been hacked in an entirely separate breach from 2014, in which 500 million user accounts were stolen.
Mayer recast blame on Russian hackers for the 2014 breach. Justice Department prosecutors filed charges against four Russians, including two intelligence officials and two other hackers.
But while Mayer lacked answers, she countered with contrition.
"As CEO, these thefts occurred during my tenure," said Mayer, during her opening remarks. "I want to sincerely apologize to each and every one of our users."
Sen. Brian Schatz (D-HI) was less than forgiving, who said that it was "unfathomable" Mayer walked away with a payout that amounts to a what "small city" uses for its annual operating budget.
The company lost control of social security numbers, birth dates, home addresses, and in some cases, driving license information, as well as hundreds of thousands of credit card numbers and other personally identifiable information.
But chief among the complaints was that the company failed to fix a flaw that gave the hackers access to the company's systems in the first place.
The company said in September that it knew that hackers exploited a vulnerability in its website, citing a known vulnerability in Apache Struts, a popular web server software. The bug had been patched earlier in March, but Smith said the patches hadn't been installed on its servers.
Sen. Gary Peters (D-MI) said that experts he spoke to said the breach was "not a sophisticated attack," and criticized the company for the oversight.
"I can't think of a clear definition of gross negligence," said Peters. "You don't take the precautions when a [vulnerability] roadmap has been put out?"
Equifax's interim chief executive Paulino Barros said that the company now spends four-times as much on cybersecurity than it did prior to the breach.