Washington (September 27, 2016) – Senator Edward J. Markey (D-Mass.), member of the Commerce, Science and Transportation Committee, today joined Senator Patrick Leahy (D-Vt.), the author of a comprehensive data security and breach notification bill that requires companies to take reasonable steps to secure their customers’ sensitive data and notify customers in the event of a hack, in calling on the leader of Yahoo! to disclose how a massive hack at their company went unnoticed for two years. 

In a letter to Yahoo! CEO Marissa Mayer, Markey, Leahy and leading Democratic Senators asked the company to provide a timeline of the hack, which compromised at least 500 million accounts, and when law enforcement and users were notified.  The lawmakers are also seeking information about how widespread the hack is, and what Yahoo! is doing to prevent such a hack in the future.

“The stolen data included usernames, passwords, email addresses, telephone numbers, dates of birth, and security questions and answers.  This is highly sensitive, personal information that hackers can use not only to access Yahoo customer accounts, but also potentially to gain access to any other account or service that users access with similar login or personal information, including bank information and social media profiles,” the letter states. 

 

The letter continues: “We are even more disturbed that user information was first compromised in 2014, yet the company only announced the breach last week.  That means millions of Americans’ data may have been compromised for two years.  This is unacceptable.  This breach is the latest in a series of data breaches that have impacted the privacy of millions of American consumers in recent years, but it is by far the largest.  Consumers put their trust in companies when they share personal and sensitive information with them, and they expect all possible steps be taken to protect that information.”

 

Leahy and Markey introduced the Consumer Privacy Protection Act last year to establish a comprehensive approach to data security by requiring companies to take preventative steps to defend against cyber attacks and prevent data breaches, and to quickly notify customers in the event a data breach occurs.  The measure addresses the kinds of security breaches that have affected retail stores in recent years, as well as breaches of personal email, online accounts, and cloud computing that have sent Americans’ personal information, photos and even location out into public view. 

 

Co-sponsors of the consumer privacy legislation who also joined the letter to Yahoo! include Senators Al Franken (D-Minn.), Elizabeth Warren (D-Mass.), Richard Blumenthal (D-Conn.) and Ron Wyden (D-Ore.).

 

A copy of the September 27 letter to CEO Marissa Mayer can be found here online.

 

###