Yahoo Details 2013, 2014 Data Breach Incidents in Response to Senate Commerce Inquiry
Yahoo is enhancing its information security program, reducing exposure of sensitive data and taking other "extensive" technical and organizational steps to protect its systems, said April Boyd, head of global public policy, in an eight-page letter released Friday to a Senate Commerce Committee inquiry. Senate Commerce Chairman John Thune, R-S.D., and Consumer Protection Subcommittee Chairman Jerry Moran, R-Kan., sent a letter to CEO Marissa Mayer (see 1702100059), seeking more information about the 2013 and 2014 breaches that compromised a combined 1.5 billion user accounts. The company disclosed the incidents last year and has been dealing with fallout, including congressional inquiries, lawsuits and uncertainty over a Verizon deal to acquire it (see 1612150010 and 1612230029). The companies said last week they agreed to a price that's $350 million less (see 1702210024). Boyd provided details about how Yahoo notified affected users, types of data compromised, efforts to mitigate harms and its ongoing focus on security. She wrote that even before the incidents were disclosed, the company worked to enhance security. "These matters have received and continue to receive significant attention from executives in the company, including near-daily working sessions with the CEO, a security-focused presentation by Yahoo's Chief Information Security Officer at the company's all-hands meeting each week" and engineering security improvements of products and systems, she wrote. Boyd indicated in the letter that the Yahoo board's independent committee will provide a briefing to members and staff, emailed a Senate Commerce spokesman