Sen. Mark Warner (D-VA) is pointing the finger at Yahoo Inc., arguing that the Securities and Exchange Commission should open an investigation after the data breach last week — quite possibly the largest breach in history.
Warner penned a letter to SEC Chair Mary Jo White that the SEC should be looking into Yahoo’s conduct as to how properly it informed investors when and after the incident occurred.
Marissa Mayer, Yahoo’s chief executive officer, was not quick to announce that 500 million accounts had been compromised in the 2014 breach. Apparently, she’d known about it as early as July, according to Warner, who is also the cofounder of the Senate Cybersecurity Caucus. Warner believes Yahoo failed to give timely notification to Verizon Communications Inc. Earlier this year, Verizon announced interest in acquiring Yahoo’s core assets.
“A breach of the magnitude that Yahoo and its users suffered seems to fit squarely within the definition of a material event,” Warner wrote in the letter dated Sept. 26. “The public ought to know what senior executives at Yahoo knew of the breach and when they knew it.”
Yahoo has not confirmed that “Peace” is the hacker behind the 500 million-account hack; at present, it is alleging that the hack was “state-sponsored” in some way.
As for what was compromised, Yahoo did say that the breach could include as much as names, email addresses, phone numbers, dates of birth, encrypted passwords and, in some cases, unencrypted security questions and answers.
This isn’t the first time that Yahoo has been at the center of lawsuits involving failure to secure customer data, especially in the European Union.
This may not look compelling for a deal between Verizon and Yahoo.