(Adds comments from FTC chairwoman)
By Dustin Volz
WASHINGTON, Sept 27 (Reuters) - Six Democratic U.S. senators
on Tuesday demanded Yahoo Inc explain why hackers'
theft of user information for 500 million accounts two years ago
only came to light last week and lambasted the company's
handling of the breach as "unacceptable."
The lawmakers said they were "disturbed" the 2014 intrusion,
disclosed by the company on Thursday, was detected so long after
the hack occurred.
"That means millions of Americans' data may have been
compromised for two years," the senators wrote in a joint letter
addressed to Yahoo Chief Executive Officer Marissa Mayer. "This
is unacceptable."
Yahoo did not immediately respond to a request for comment
about the letter, which was signed by Senators Patrick Leahy, Al
Franken, Elizabeth Warren, Richard Blumenthal, Ron Wyden and
Edward Markey.
Yahoo has faced mounting questions about exactly when it
knew about the 2014 cyber attack that exposed the email
credentials of users, a critical issue for the company as it
seeks to prevent the breach from affecting a pending takeover of
its core business by Verizon Inc.
The internet firm has said it detected the breach this
summer after conducting a security review prompted by an
unrelated hacking claim that turned out to be meritless. Yahoo
has not given a precise timeline explaining when it was made
aware of the 2014 attack, or if it knew of the breach before
announcing the deal with Verizon in late July.
In a Senate hearing on Tuesday, Federal Trade Commission
Chairwoman Edith Ramirez said her agency supported quick
disclosures although she declined to say if the FTC was
investigating Yahoo.
"In our view, approximately 30 to 60 days (after a breach is
discovered) might be appropriate," she told the Senate Commerce
Committee. "It is necessary for consumers to be notified so they
can take appropriate steps to protect themselves."
In their letter, the senators requested Yahoo brief them on
the company's investigation, cooperation with authorities and
plans to protect affected users.
The senators asked Mayer for a timeline of the hack and
discovery as well as Yahoo's steps to prevent another breach in
the future.
The letter came a day after Democratic Senator Mark Warner
asked the U.S. Securities and Exchange Commission to investigate
whether Yahoo and its senior executives fulfilled obligations to
inform investors and the public about the hacking attack, which
Yahoo has blamed on a "state-sponsored actor."
(Reporting by Dustin Volz; Additional reporting by Diane Bartz;
Editing by Andrew Hay and Cynthia Osterman)
© 2019 Thomson/Reuters. All rights reserved.