Skip to main content
close search
site logo
Dive Brief

Former Yahoo CEO still does not know how breach was 'perpetrated,' blames Russia

Published Nov. 9, 2017
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Flickr; USCapitol

Dive Brief:

  • Marissa Mayer, former CEO of Yahoo, admitted that the company still does not know how the 2013 data breach was "perpetrated," during a testimony before the Senate Commerce, Science and Transportation committee in Washington, D.C. on Wednesday. She was joined by the Paulino do Rego Barros Jr., interim CEO of Equifax, and Richard Smith, former CEO of Equifax.
  • Yahoo was a "victim" of a Russian state-sponsored attack, Mayer said. The company was "praised" for its proactivity and cooperation with federal agencies upon discovery of the attack, she said.
  • Penalties should not be replaced by apologies, said Sen. Richard Blumenthal, D-CT. If Congress is able to hold bad actors accountable such as hackers, he said, companies and executives responsible for mishandling vulnerable data should also face civil penalties. New legislation proposed by the senator, the Data Breach Accountability and Enforcement Act of 2017, would enable the FTC to investigate any entity that discloses a data breach. 

Dive Insight:

Current legislation is weak and does not effectively hold companies accountable for data negligence. The same is true for incentives to motivate companies to improve security practices.  

Yahoo, now owned by Verizon, suffered a 2013 data breach that was initially believed to have impacted one billion users. It was later revealed all three billion users were compromised in October. Yahoo did not learn of the attack until a third party notified the company in 2014, according to Mayer's testimony.

The question circles back to redundancy measures and the culture of leadership in a company. Though Yahoo's admittance was for more transparency measures, Equifax's handling of its breach resulted in mounted scrutiny over the handling and notification measures.

Ultimately, patching is a sentiment deeply woven into the foundation of functional security. Without it, companies are likely to face increasingly sophisticated attacks with less armor to protect itself.

The structure of a company's leadership strongly affects IT. If communication between technical and C-suite officials is lacking, gaps in security practices will persist.

To remedy this structure, Barros said Equifax is taking steps towards strengthening its approach to data security as the CSO now reports directly to him. Additionally, he has appointed a chief transformation officer to oversee Equifax's post-breach resolution efforts.

As for Verizon's role in Yahoo's breach, the solution is a universal framework, including a standard for when and how impacted users are notified, according to Karen Zacharia, chief privacy officer at Verizon, at the congressional hearing. But she warned that notifications should not be too overwhelming, or it may prompt customers to stop paying attention. 

Recommended Reading

Filed Under: Security, Leadership

Editors' picks

Company Announcements

View all | Post a press release
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Cloudbeds unveils industry’s first ‘smart hospitality engine’, powered by causal and multimoda…
From Cloudbeds
October 23, 2024
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
truCX Launches Groundbreaking Partner Portal, Empowering CX Consultants and Trusted Advisors w…
From truCX
October 30, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell