Former Yahoo CEO Marissa Mayer appeared distraught at a US Senate hearing Wednesday (Nov. 8) on the unprecedented data breaches at the company during her tenure.
“As you know, Yahoo was the victim of criminal, state-sponsored attacks on its systems, resulting in the theft of certain user information,” Mayer said in her opening remarks, rarely looking up from her notes. “As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users.”
Yahoo disclosed in October that a 2013 breach initially thought to have affected 1 billion user accounts had actually compromised every single account that existed at the time, a staggering 3 billion. Mayer resigned in June after its acquisition by Verizon closed. She had been in the job for about five years.
Mayer hadn’t wanted to testify, declining multiple requests. She appeared before the Senate Commerce Committee on Wednesday after US lawmakers subpoenaed her late last month, according to The Hill. A spokesperson for Mayer contested this version of events to The Hill, saying she was testifying voluntarily.
On Wednesday, Mayer was seated in the center of the five-member panel of executives who appeared to testify on data breaches, which also included Richard Smith, the former Equifax CEO who “retired” shortly after the company disclosed a data breach that compromised the personal information of 143 million Americans.
US lawmakers have grown increasingly skeptical of the power and intimate user details amassed by big technology companies. Representatives from Facebook, Google, and Twitter answered questions before the Senate Judiciary Committee last week as part of the ongoing investigation into Russian meddling in the 2016 US presidential election.
That skepticism was on display as the Senate Commerce Committee questioned Mayer, with a key exchange occurring between her and senator Bill Nelson.
Nelson: At this point, I’m wondering that there’s no such thing as data security. When you think of a sophisticated state actor such as China or Russia, your companies can’t stand up against them. The only person or institution that can stand up against them is the National Security Agency. And what we’re going to see in the future for not only personally identifiable information but also the state secrets of our country, many of which are critical infrastructure as represented by companies such as yours, there’s going to have to be a cooperation between the most sophisticated player in the United States, which is the NSA, and you all. Otherwise we, Americans, are not going to have any more privacy. And if we don’t do something, and if you all don’t do something to change this, we’re going to be right back here, on additional hearings, coming up on this same topic.
Now Ms. Mayer, what do you think? You had a sophisticated state actor coming after you. How do you really think that you could have protected yourself?
Mayer: Even robust defense and processes are not sufficient to protect against a state sponsored attack, especially one that’s extremely sophisticated and persistent. We at Yahoo cooperated with law enforcement and brought these breaches and intrusions to the attention of law enforcement, swiftly each time they were detected. And the DOJ and FBI were of great assistance to the company in identifying the perpetrators and bringing them to justice.
Nelson: But that’s an admission that you’re not protected against a state actor.
A few minutes later, speaking to an executive from Yahoo parent Verizon, Nelson added that protecting consumer privacy was “going to take an attitude change among companies such as yours.”