Former Yahoo Chief Executive Marissa Mayer apologized on Wednesday for two massive data breaches at the internet company, blaming Russian agents for at least one of them, Reuters reports.
”As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users,” Mayer told a US Senate panel that was looking into the growing number of cyber-attacks on major US companies.
“Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users’ data,” she was quoted as saying.
Mayer testified at the hearing alongside the interim and former CEOs of Equifax and a senior Verizon Communications executive.
Verizon, the largest US wireless operator, acquired most of Yahoo’s assets in June, the same month Mayer stepped down.
Verizon disclosed last month that a 2013 Yahoo data breach affected all 3 billion of its accounts, compared with an estimate of more than one billion disclosed in December.
In March, federal prosecutors charged two Russian intelligence agents and two hackers with masterminding a 2014 theft of 500 million Yahoo accounts, the first time the US government has criminally charged Russian spies for cyber-crimes.
John Thune, a Republican who chairs the Senate Commerce Committee, asked Mayer on Wednesday why it took three years to identify the data breach or properly gauge its size.
Mayer said Yahoo has not been able to identify how the 2013 intrusion occurred and that the company did not learn of the incident until the US government presented data to Yahoo in November 2016.
She said even “robust” defenses are not enough to defend against state-sponsored attacks and compared the fight with hackers to an “arms race”.
“We now know that Russian intelligence officers and state-sponsored hackers were responsible for highly complex and sophisticated attacks on Yahoo’s systems,” Mayer said, according to Reuters.
She said “really aggressive” pursuit of hackers is needed to discourage the efforts, and that even the most well-defended companies “could fall victim to these crimes”.
The current and former CEOs credit bureau Equifax, which disclosed in September that a data breach affected as many as 145.5 million US consumers, said they did not know who was responsible for the attack.
Senator Bill Nelson said “only stiffer enforcement and stringent penalties will help incentivize companies to properly safeguard consumer information”.
– Contact us at [email protected]