Yahoo Inc. should face a Securities and Exchange Commission investigation into whether the Internet media company properly informed investors and the public about a massive data breach that it confirmed last week, Sen. Mark Warner, D-Virginia, said in a letter to SEC Chair Mary Jo White.
Marissa Mayer, Yahoo’s chief executive officer, waited until last week to formally disclose that information on 500 million accounts had been compromised in the 2014 breach even though she’s known about it as early as July, wrote Warner, co-founder of the Senate Cybersecurity Caucus. He also questioned whether Yahoo also failed to give timely notification to Verizon Communications Inc., which announced plans to acquire the company’s core assets earlier this year.
“A breach of the magnitude that Yahoo and its users suffered seems to fit squarely within the definition of a material event,” Warner wrote in the letter dated Sept. 26. “The public ought to know what senior executives at Yahoo knew of the breach, and when they knew it.”
Yahoo last week announced results of an investigation that found customers’ personal information was stolen in a state-sponsored attack in late 2014. Compromised information may include names, e-mail addresses, phone numbers, dates of birth, encrypted passwords and, in some cases, un-encrypted security questions and answers, the company said. Yahoo has since been accused in lawsuits of failing to secure customer data and has raised “serious questions” among privacy regulators in the European Union.
The data theft disclosure comes at a particularly sensitive time for Mayer, as she looks to close the Verizon acquisition by early next year. She has dealt with difficulties and complaints about Yahoo’s e-mail service in the past. Verizon said it was notified of the breach days before it was publicly disclosed.
Subscribe to the Morning Review newsletter
Get the day’s top headlines delivered to your inbox every morning by subscribing to our newsletter.