Republican senators demand answers from Yahoo exec on data breaches

Lawmakers looked to Yahoo’s outgoing CEO for answers Friday after previous attempts to investigate the data breaches disclosed by the company last year came up empty-handed.

Repubican Senator John Thune of South Dakota and Sen. Jerry Moran of Kansas raised questions with Yahoo CEO Marissa Mayer in a letter Friday concerning a pair of high-profile data breaches that resulted in more than a billion accounts being compromised by hackers.

Yahoo announced in September 2016 that 500 million accounts had been affected by a 2014 data breach, only to reveal three months later that a separate, earlier incident had compromised upwards of 1 billion user accounts. Although they quickly gained the attention of Congress, however, the senators said in Friday’s letter that several questions regarding either breach remain unanswered.

“Despite several inquiries by Committee staff seeking information about the security of Yahoo! user accounts, company officials have thus far been unable to provide answers to many basic questions about the reported breaches,” wrote Mr. Thune and Mr. Moran, the chairs of the Senate Commerce Committee and the panels consumer protection and data security subcommittee, respectively.

Coupled with Yahoo’s “last-minute cancellation” of a planned congressional briefing last month, the Republican lawmakers said they’re concerned with Yahoo’s “willingness to deal with Congress and the company’s completely candor about these recent events.”

“We hope that you will dispel these concerns,” the lawmakers wrote.

To accomplish as much, the Republicans attached a list of five lingering questions concerning either security breach, including regarding the company’s response to the hacks and any subsequent actions taken toward strengthening data security, among other questions.

“Protecting consumers has been and will remain a key priority of this Committee,” the senators wrote. “Out goal is to understand what subsequent steps Yahoo! has taken to investigate what occurred, restore and maintain the integrity of its systems, and identify and mitigate potential consumer harm.”

The letter requests a response from Ms. Mayer no later than February 23. Yahoo said in a Securities and Exchange Commission filing last month that Ms. Mayer is slated to resign from the internet company’s board of directors if and when Verizon follows through with a planned multi-billion dollar merger announced prior to the data breaches being disclosed.