Marissa Mayer grilled by Congress over massive Yahoo security breach
Posted November 8, 2017 10:12 a.m. EST
NEW YORK (CNNMoney) — Marissa Mayer was given one final job for Yahoo: getting grilled by Congress.
Mayer, the former CEO of Yahoo, testified before a Senate Commerce Committee on Wednesday about a security breach that compromised three billion user accounts, making it the single largest breach in history.
"As CEO, these thefts occurred during my tenure and I want to sincerely apologize to each and every one of our users," Mayer said in opening remarks at the Senate hearing.
The breach took place in August, 2013 and was disclosed by Yahoo in 2016. Yahoo initially said it impacted more than one billion accounts. Verizon, which acquired Yahoo in June, revealed last month that the breach actually compromised all accounts.
At the data breach hearing, which also featured the current and former CEOs of Equifax, Mayer was pressed on why it took so long to disclose the breach and how it could have underestimated the impact by billions of accounts.
"Yahoo did not know of the intrusion in 2013. We learned of the intrusion by files presented to us in 2016," Mayer said. She deflected the increased estimate by noting it was revealed after her tenure at the company had ended.
Mayer left Yahoo when the acquisition closed in June. She walked away from the company with nearly $260 million at the time in stock and severance.
Sen. Brian Schatz, a Democrat from Hawaii, called it "unfathomable to the average person" that the CEOs of Yahoo or Equifax could walk away with "possibly a quarter of a billion dollars" despite the data security failures.
"You harm consumers and you walk away with the amount of money that a small city or county uses for their annual operating budget," Schatz said.
Sen. Jerry Moran, a Republican from Kansas, pressed the Yahoo and Equifax executives on whether consumers can expect their data to be safer today in the wake of the breaches. Verizon's chief privacy officer, Karen Zacharia, stumbled and stopped short of saying yes.
In her remarks, Mayer said companies are effectively in an "arms race" with private hackers and state-sponsored actors as their methods "become more sophisticated."
"The threat from state-sponsored attacks has changed the playing field so dramatically that today I believe all companies, even the most well defended ones, could fall victim to these crimes," Mayer said.
The Justice Department previously indicted two Russian spies for a separate 2014 breach of Yahoo's data. The source of the 2013 breach remains unknown.