Marissa Mayer testimony: I don't know how Yahoo hack happened

Nov 09, 2017, 00:52
Marissa Mayer testimony: I don't know how Yahoo hack happened

Former top executives at Yahoo and Equifax have apologised again for breaches that exposed billions of customer accounts.

The US has accused state-sponsored Russian hackers of being behind one of the Yahoo attacks, involvement the Kremlin denies.

And a hack against Yahoo in 2013 affected all of its 3 billion user accounts. Richard Blumenthal of CT says enforcing punishments for data breaches on executives like Mayer could motivate companies to protect users' data.

'As we all have witnessed: no company, individual or even government agency is immune from these threats, ' Mayer said. Thune also pressed Equifax's former CEO Richard Smith and interim CEO Paulino Barros on Equifax's known security vulnerabilities that led to its recent data breach and how the company is now addressing these issues.

Mayer joined former and current CEOs of Equifax in testifying before the committee examining recent data breaches. Its chief security officer now reports directly to the CEO, and a new chief transformation officer is overseeing the firm's broader response. "This hearing will give the public the opportunity to hear from those in charge, at the time major breaches occurred and during the subsequent response efforts, at two large companies who lost personal consumer data to nefarious actors".

They say new laws may be necessary amid rising cyber attacks that threaten the privacy of personal data.

"Massive data breaches have touched the vast majority of American consumers", said Thune.

Mayer later said under questioning that she did not know if Russians were responsible for the 2013 breach, but earlier spoke of state-sponsored attacks.

But that change would be a stark change from the current system, said Paulino de Rego Barros, acting boss of Equifax.

'Only stiffer enforcement and stringent penalties will help incentivize companies to properly safeguard consumer information and promptly notify them when their data has been compromised, ' Nelson said. That means the perpetrators had three years to dive into Yahoo user accounts, and to any other internet accounts registered with the same usernames and passwords.

"To this day, we have still not been able to identify the intrusion that led to the attack". "We verified that it came from Yahoo, but we don't exactly understand how the act was perpetrated", she told the committee.