14 DAY TRIAL // Regular users aren’t the only ones upset about Yahoo’s chosen way to deal with the data breaches that affected its network in 2013 and 2014 and which were revealed last year, as U.S. senators also expressed their disagreement.
Several U.S. senators have accused Yahoo of failing to cooperate with their attempts to investigate the largest data breaches in history. According to a letter signed by John Thune, chair of U.S. Senate’s Committee on Commerce, Science and Transportation, and Jerry Moran, chair of sub-committee for Consumer Protection, Product Safety, Insurance and Data Security, many questions have been left unanswered by Yahoo, despite promises for an explanation.
“Moreover, Yahoo!’s recent, last-minute cancellation of a planned congressional staff briefing, originally scheduled for January 31, 2017, has prompted concerns about the company’s willingness to deal with Congress with complete condor about these recent events,” the letter reads.
It seems that Yahoo contacted the Committee to communicate its announcement regarding the discovery of the 2013 data breach on December 14, agreeing to provide a follow-up staff-level briefing. That meeting was canceled a few days before it was supposed to happen, which left senators quite upset.
“We have attempted to learn more about these incidents for some time. Our goal is to understand what subsequent steps Yahoo! has taken to investigate what occurred, restore and maintain the integrity of its systems, and identify and mitigate potential consumer harm,” the letter further reads.
The questions we all want answers for
Then, the two senators pose pretty much the same questions we’ve all had these past few months. For instance, they want to know exactly how many users these incidents affected and what Yahoo did to identify and provide notice to these users, as well as what data exactly Yahoo believes to have been compromised.
Other questions regard what steps Yahoo has taken to restore the integrity and enhance the security of its systems in the wake of these incidents and whether Yahoo has properly identified and mitigated potential consumer harm associated with the data breaches.
A detailed timeline of the incidents is also demanded by the senators, including the time of the initial discovery of the potential compromise of the user information. It is believed that Yahoo took too long to inform users, as well as investors, of the data breaches, although the latter part is already under investigation by the SEC.
Yahoo was given February 23 as a deadline to provide all this information, so we’re all eager to find out what they have to say.
The data breaches mentioned were announced in September and December of 2016. The first was related to a system breach that took place in 2014, while the latter to one that occurred in 2013. Originally, the initial announcement from September put Yahoo at the top of the list of the largest data breaches in history with some 500,000 accounts affected. That only lasted until December when Yahoo outdid itself and pushed for another first place in this chart, this time with 1 billion accounts affected by the data breach.