Former Yahoo CEO apologises for data breaches, blames Russia
Former Yahoo Chief Executive Marissa Mayer apologised on Wednesday for two massive data breaches at the internet company, blaming Russian agents for at least one of them, at a hearing on the growing number of cyber attacks on major US companies.
”As CEO, these thefts occurred during my tenure, and I want to sincerely apologise to each and every one of our users,” she told the Senate Commerce Committee, testifying alongside the interim and former CEOs of Equifax Inc (EFX.N) and a senior Verizon Communications Inc (VZ.N) executive.
“Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users’ data.”
Verizon, the largest US wireless operator, acquired most of Yahoo Inc’s assets in June, the same month Mayer stepped down. Verizon disclosed last month that a 2013 Yahoo data breach affected all 3 billion of its accounts, compared with an estimate of more than 1 billion disclosed in December.
In March, federal prosecutors charged two Russian intelligence agents and two hackers with masterminding a 2014 theft of 500 million Yahoo accounts, the first time the US government has criminally charged Russian spies for cyber crimes.
Those charges came amid controversy relating to the alleged Kremlin-backed hacking of the 2016 US presidential election and possible links between Russian figures and associates of President Donald Trump. Russia has denied trying to influence the US election in any way.
Special Agent Jack Bennett of the FBI’s San Francisco Division said in March the 2013 breach was unrelated and that an investigation of the larger incident was continuing. Mayer later said under questioning that she did not know if Russians were responsible for the 2013 breach, but earlier spoke of state-sponsored attacks.
Senator John Thune, a Republican who chairs the Commerce Committee, asked Mayer on Wednesday why it took three years to identify the data breach or properly gauge its size.
Mayer said Yahoo has not been able to identify how the 2013 intrusion occurred and that the company did not learn of the incident until the US government presented data to Yahoo in November 2016. She said even “robust” defences are not enough to defend against state-sponsored attacks and compared the fight with hackers to an “arms race.”
Yahoo required users to change passwords and took new steps to make data more secure, Mayer said.
“We now know that Russian intelligence officers and state-sponsored hackers were responsible for highly complex and sophisticated attacks on Yahoo’s systems,” Mayer said. She said “really aggressive” pursuit of hackers was needed to discourage the efforts, and that even the well-defended companies “could fall victim to these crimes.”
The Senate Commerce Committee took the unusual step of subpoenaing Mayer to testify on Oct. 25 after a representative for Mayer declined multiple requests for her voluntarily testimony. A representative for Mayer said on Tuesday she was appearing voluntarily.