Pressure is mounting on Yahoo! to explain how a breach of 500 million-plus accounts could go undetected for two years. Sens. Patrick Leahy (D-Vt.) and Ed Markey (D-Mass.) have called on Yahoo! to explain.
Sen. Mark Warner (D-Va.) has raised similar concerns and wants the SEC to investigate.
In a letter to Yahoo! CEO Marissa Mayer, Leahy and Markey asked for a timeline of events regarding the hack as well as just how widespread it was and what Yahoo! is doing to make sure it doesn't happen again.
“The stolen data included usernames, passwords, email addresses, telephone numbers, dates of birth, and security questions and answers. This is highly sensitive, personal information that hackers can use not only to access Yahoo customer accounts, but also potentially to gain access to any other account or service that users access with similar login or personal information, including bank information and social media profiles,” they wrote.
But they said they were even more disturbed that the company only announced the 2014 breach last week. "That means millions of Americans’ data may have been compromised for two years," they told Mayer. "This is unacceptable."
Leahy and Markey are co-sponsors of the Consumer Privacy Protection Act, which would require companies to take affirmative actions to defend against attacks and to swiftly report them to customers when they did occur.
Also adding their names to the Yahoo! letter were Sens. Al Franken (D-Minn.), Elizabeth Warren (D-Mass.), Richard Blumenthal (D-Conn.) and Ron Wyden (D-Ore.). They are also co-sponsors of the legislation.