New revelations that a 2013 security breach at Yahoo affected all three billion of its users has triggered a sharp rebuke from the U.S. Senate, which now plans to drag company representatives back to Capitol Hill for a hearing in the coming weeks.
A powerful U.S. Senate committee is demanding that Yahoo and Equifax testify about two major security breaches
A 2013 breach affected all three billion of Yahoo’s users, more than three times what it initially believed.
Hisham Ibrahim / Getty Images
The powerful Senate Commerce Committee and its chairman, Sen. John Thune, announced on Tuesday that they aim to grill representatives from Yahoo, now owned by Verizon, along with executives from Equifax, a credit-reporting agency whose 2017 security incident affected the most sensitive information of more than 145 million Americans.
“Later this month, the Commerce Committee will call representatives of Yahoo! and Equifax to testify about recent breaches, whether new information has revealed steps they should have taken earlier, and whether there is potentially more bad news to come,” Thune said in a statement.
“I expect witnesses to think hard about their obligations to consumers and offer a sober assessment of remaining risks that could be the subject of a future announcement,” he said.
Yahoo’ts security troubles span many years. Before it was purchased by Verizon, the search-and-advertising company revealed in December that it fallen victim to a cyber attack affecting one billion user accounts in 2013. It was the second major incident at Yahoo, which in 2014 reported another hack affecting 500 million accounts.
At the time, Yahoo faced withering criticism for its poor security practices, and Verizon ultimately opted to shave $350 million from its price when it purchased the tech company. The Securities and Exchange Commission also opened an investigation into whether Yahoo should have informed shareholders about the security incident sooner.
On Tuesday, though, Yahoo announced that the 2013 breach had actually affected three times as many accounts — or, more than three billion, the entirety of its service at the time.
“While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts,” according to Oath, the new name of Yahoo’s business at Verizon, which revealed the information in a statement. “The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information.”
Along with Yahoo, the Senate Commerce Committee also plans to grill Equifax, which fell victim to a major security breach of its own this past year. It would be the third panel on Capitol Hill to hold such a hearing, after the Senate Banking Committee convenes its session tomorrow.
On Tuesday, lawmakers on the House Energy and Commerce Committee pilloried Equifax’s since-departed chief executive, Richard Smith, for failing to secure his company’s data and providing confusing information to consumers shortly after the security incident. Rep. Jan Schakowsky, the top Democrat on the committee, also pressed Smith on reports that three Equifax executives unloaded some of their stock days after learning about the breach earlier this summer.
This article originally appeared on Recode.net.
