Marissa Mayer grilled by Congress over massive Yahoo security breach
Nov 09 2017
The 42-year-old, who testified before the Senate Commerce Committee on Capitol Hill in Washington on Wednesday, said the thefts occurred during her almost five-year tenure and she wants to 'sincerely apologize to each and every one of our users'.
Yahoo had bumped its estimate of affected accounts from a previous 1B to all of them (3B in total).
The Department of Justice and the Federal Bureau of Investigation linked it to a state-sponsored actor and four people, including two Russian intelligence officers, were charged in that attack. The source of the 2013 breach remains unknown.
Mayer left Yahoo when the acquisition closed in June.
Former CEOs of Yahoo and Equifax brought apologies to Capitol Hill as they faced lawmakers with questions about the massive data breaches at their companies and what can be done to protect consumers' personal information.
Other witnesses in the hearing included interim CEO of Equifax, Paulino do Rego Barros Jr.as well as former Equifax CEO Richard Smith, in addition to Verizon Communications chief privacy officer Karen Zacharia, Entrust Datacard Corporation president and CEO Todd Wilkinson.
"Even robust defenses and processes are not sufficient to protect against a state sponsored attack", she responded.
On Wednesday, several senators said there should be more financial incentive for companies to prevent against hacks, as well as laws that have "teeth" when it comes to notifying consumers of breaches.
At the data breach hearing, which also featured the current and former CEOs of Equifax, Mayer was pressed on why it took so long to disclose the breach and how it could have underestimated the impact by billions of accounts.
Sen. Bill Nelson, D-Fla., said lawmakers need to have the political will to hold corporations more accountable for breaches.
Mayer apologized for both breaches and said that its hard for companies to fight against state-sponsored attackers who "tend to be more sophisticated, more persistent and who attack more targets.They're very good at hiding their tracks", she said.
"We describe this as arms race, hackers become ever more sophisticated and we have to become sophisticated in turn", Mayer said.
Thune told reporters after the hearing the Equifax data breach had created "additional momentum" for Congress to approve legislation.
The Senate Commerce Committee took the unusual step of subpoenaing Mayer to testify on October 25 after a representative for Mayer declined multiple requests for her voluntarily testimony.