Ex-Yahoo CEO Sorry for Hacks That Affected All 3 Billion Users


Congress grilled Mayer on why it took so long to let users know about the breach and why Yahoo! underestimated the number of accounts affected.

Verizon, the largest USA wireless operator, acquired most of Yahoo Inc's assets in June, the same month Mayer stepped down.

Mayer joined former and current CEOs of Equifax in testifying before the committee examining recent data breaches.

In September, Equifax revealed that hackers had stolen the personal information of over 140 million United States consumers from its website.

At least 145.5 million US consumers were affected by a separate attack on credit reporting company Equifax, an attack that has already been scrutinized heavily by regulators.

The current and former chief executives of credit bureau Equifax, which disclosed in September that a data breach affected as many as 145.5 million USA consumers, said they did not know who was responsible for the attack.

'As we all have witnessed: no company, individual or even government agency is immune from these threats, ' Mayer said.

"A combination cooperation between public private to address this issue is needed", said former Equifax CEO Richard Smith.

In the end, she said "Russian agents intruded on our systems and stole our users" data'.

Mayer apologized for both breaches and said that its hard for companies to fight against state-sponsored attackers who "tend to be more sophisticated, more persistent and who attack more targets.They're very good at hiding their tracks", she said.

Yahoo only learned about the hack last November, when U.S. law enforcement presented the company with the stolen information, Mayer said.

Barros told the committee he has focused on improving customer service and revising the company's structure so that the company's chief security officer reports directly to him.

Sen. John Thune, R-S.D., the committee chairman, said 48 states have separate laws governing how and when companies must notify consumers of a breach.

She said Yahoo still has not been able to identify the intrusion that led to that theft.

Last month, Yahoo said the breach apparently exposed all its users at the time it occurred.

The Senate Commerce Committee took the unusual step of subpoenaing Mayer to testify on October 25 after a representative for Mayer declined multiple requests for her voluntarily testimony.