Six senior senators have said Yahoo's two-year delay in reporting the largest known data breach in history is "unacceptable".
The letter, obtained by the Reuters news agency, asked Yahoo Chief Executive Marissa Mayer to explain why the massive hack of more than 500 million accounts wasn't reported two years ago when the breach occurred.
Yahoo said last week that the company had suffered a huge data breach in 2014. The company blamed state-sponsored actors for the attack, but it didn't go into specifics.
It came after a separate data breach in 2012 from a seller named Peace, which was instrumental in the LinkedIn hack. Yahoo was said to be investigating the breach in August, but it instead found evidence of a secondary breach.
The senators said they were "disturbed" that a breach of that size wasn't noticed at the time.
"That means millions of Americans' data may have been compromised for two years. This is unacceptable. This breach is the latest in a series of data breaches that have impacted the privacy of millions of American consumers in recent years, but it is by far the largest," the letter wrote.
Sens. Patrick Leahy, Al Franken, Elizabeth Warren, Richard Blumenthal, Roy Wyden, and Edward Markey signed the letter, dated Tuesday.
The senators also requested a briefing to senate staffers on its incident response and how it intends to protect affected users.
Yahoo said in a statement: "We have received the letter and will work to respond in a timely and appropriate manner."