Wednesday, 16 January, 2019

Yahoo's Mayer points to Russians in data-breach apology

Nellie Chapman | 08 November, 2017, 23:38

Chief Executive Officer Marissa Mayer warned hackers are becoming more potent as she joined Equifax Inc.'s interim CEO in trying to reassure a Senate panel the companies are bolstering their defenses.

Mayer says the thefts occurred during her almost five-year tenure and she wants to "sincerely apologize to each and every one of our users".

In the end, she said "Russian agents intruded on our systems and stole our users" data'.

Verizon, which now owns Yahoo, last month also said two breaches in 2013 and 2014 exposed 3 billion customer accounts - far more than the initial estimate. Verizon closed its $4.5 billion acquisition of Yahoo in June, when Mayer resigned from the company.

Senator John Thune, a Republican who chairs the Commerce Committee, asked Mayer on Wednesday why it took three years to identify the data breach or properly gauge its size.

In an opening statement to the Senate Commerce Committee, Mayer apologized to Yahoo's users, blamed "Russian agents" for the breach and said that Yahoo quickly worked to protect user accounts and contact law enforcement.

For Yahoo, lawmakers are probing a 2013 breach, which the company reported in December of 2016 as it proceeded with its plans to merge with Verizon. Thune also pressed Equifax's former CEO Richard Smith and interim CEO Paulino Barros on Equifax's known security vulnerabilities that led to its recent data breach and how the company is now addressing these issues. She said even "robust" defences are not enough to defend against state-sponsored attacks and compared the fight with hackers to an "arms race".

Yahoo only learned about the hack last November, when U.S. law enforcement presented the company with the stolen information, Mayer said.

Mayer apologized for both breaches and said that its hard for companies to fight against state-sponsored attackers who "tend to be more sophisticated, more persistent and who attack more targets.They're very good at hiding their tracks", she said. Equifax's CEO said the same of a breach involving 145 mln consumers. Bill Nelson (D-Fla.) said, "but when". He said Mayer's testimony was "important in shaping our future reactions".

Marissa Mayer told senators she still doesn't know who was behind a 2013 data theft affecting 3 bln users.

The subpoena, first reported by The Hill, was issued on October 25, after legislators repeatedly attempted to get Mayer to appear.