Yahoo!'s announcement that it had discovered a hack of some half a billion user accounts dating from 2014 prompted Sen. Mark Warner (D-Va.) to push for passage of breach notfication legislation.
Yahoo! said Thursday (Sept. 22) it had uncovered a hack of info that might have included "email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers," though it said it does not think the stolen data included banking or payment card info, which is stored in the affected systems.
Following the notification of uses, Warner, co-founder of the bipartisan Senate Cybersecurity Caucus, said:
“While we have seen more and more data breaches in the private sector in recent years, many of them affecting millions of consumers, the seriousness of this breach at Yahoo is huge.'
But he said that while the scale of the hack makes it one of the largest ever, he said he was "perhaps most troubled by news that this breach occurred in 2014, and yet the public is only learning details of it today."
Yahoo! said it did not believe the hacker still had access to the accounts.
"Action from Congress to create a uniform data breach notification standard so that consumers are notified in a much more timely manner is long overdue," said Warner. "I urge my colleagues to work together to pass this essential legislation.”
Warner says he is currently working on a bill to create a "comprehensive, nationwide and uniform data breach standard."
The FCC, which oversees ISP data privacy, is currently proposing data breach requirements and notification deadlines in that space. It does not regulate the data privacy of edge providers like Yahoo!