No feed items found.
New revelations that a 2013 security breach at Yahoo affected all 3 billion of its users has triggered a sharp rebuke from the U.S. Senate, which now plans to drag company representatives back to Capitol Hill for a hearing in the coming weeks.
The powerful Senate Commerce Committee and its chairman, Sen. John Thune, announced Tuesday that they aim to grill representatives from Yahoo, now owned by Verizon, alongside executives from Equifax, a credit-reporting agency whose 2017 security incident affected more than 145 million Americans’ most sensitive information.
“Later this month, the Commerce Committee will call representatives of Yahoo! and Equifax to testify about recent breaches, whether new information has revealed steps they should have taken earlier, and whether there is potentially more bad news to come,” Thune said in a statement.
“I expect witnesses to think hard about their obligations to consumers and offer a sober assessment of remaining risks that could be the subject of a future announcement,” he said.
For Yahoo, its security troubles span many years. Before it was purchased by Verizon, the search-and-advertising company revealed in December that it fallen victim to a cyber attack affecting 1 billion user accounts in 2013. It was the second major incident at Yahoo, which reported in 2014 another hack affecting 500 million accounts.
At the time, Yahoo faced withering criticism for its poor security practices, and Verizon ultimately opted to shave $350 million from its price to purchase the tech company. The Securities and Exchange Commission also opened an investigation into whether Yahoo should have informed shareholders about the security incident sooner.
On Tuesday, though, Yahoo announced that the 2013 breach actually affected three times as many accounts — or, more than 3 billion, the whole of its service at the time.
“While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts,” according to Oath, the new name of Yahoo’s business at Verizon, which revealed the information in a statement. “The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information.”
Alongside Yahoo, the Senate Commerce Committee also plans to grill Equifax, which fell victim to a major security breach of its own this past year. In that incident, hackers accessed more than 145 million Americans’ most sensitive data, including their names, addresses, birth dates, and in some cases, Social Security and driver’s license data.
Already, another congressional panel — the House Energy and Commerce Committee — has grilled Equifax’s since-departed chief executive, Richard Smith, on his handling of the breach.
Democrats and Republicans alike pilloried Smith on Tuesday morning for failing to secure his company’s data and providing confusing information to consumers shortly after the security incident. Rep. Jan Schakowsky, the top Democrat on the committee, also pressed Smith on reports that three Equifax executives unloaded some of their stock days after learning about the breach this summer.
For now, Equifax is set to appear on its own again tomorrow — this time, in front of the Senate Banking Committee, where lawmakers like Democratic Sen. Elizabeth Warren have sharply criticized the company.