Former Yahoo CEO Marissa Mayer apologized for the company’s prior data breaches Tuesday on Capitol Hill, and said Russian agents were responsible for at least one of the breaches.
Mayer and Equifax executives appeared at a Senate Commerce, Science and Transportation hearing titled “Protecting Consumers in the Era of Major Data Breaches,” as the government tries to get a handle on what can be done going forward. According to Reuters, Mayer said that aggressive pursuit of hackers is needed.
A Constant Battle
“Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users’ data,” Mayer said at the hearing.
It’s not always easy for companies to identify the attackers. Yahoo couldn’t determine how the 2013 data breach occurred, and the Equifax executives said they still don’t know who’s responsible for this year’s massive Equifax breach.
As the AP reported, Mayer also issued a stark warning on the current state of cybersecurity. “As we all have witnessed: no company, individual or even government agency is immune from these threats,” she said.
Laws Being Considered
Members of the Senate committee were discussing possible things they could do to improve responses to breaches. Committee chairman Sen. John Thune (R-S.D.) said a federal law should be considered that requires companies how and when they must notify consumers of a breach. Bill Nelson (D-Fla.) wants corporations to be held more accountable for such breaches.
While the committee considers ways to keep companies accountable, some members of Congress are mulling a controversial “hack back” bill that would allow victims of cyberattacks to “leave their networks to attribute attacks, disrupt them, retrieve or destroy stolen data and track the behavior of the attacker,” The Hill reports. But some security officials see more negatives than positives in letting hacking victims attempt their own retaliation responses.
Yahoo and Equifax are responsible for two of the largest data breaches in recent years. For a list of other major breaches, check out our recent article Not Just Equifax: Six Of The Biggest Data Breaches In The Modern Tech Era.