Slashdot Mirror


Yahoo's Delay in Reporting Hack 'Unacceptable', Say Senators (zdnet.com)

Yahoo won't be able to get away with its mega data breach from 2014 that it only reported this month. Six senior senators have said Yahoo's two-year delay in reporting the largest known data breach in history is unacceptable. The senators have asked Yahoo CEO Marissa Mayer to explain why the massive hack of more than 500 million accounts wasn't reported two years ago when the breach occurred. From a ZDNet report: The senators said they were "disturbed" that a breach of that size wasn't noticed at the time. "That means millions of Americans' data may have been compromised for two years. This is unacceptable. This breach is the latest in a series of data breaches that have impacted the privacy of millions of American consumers in recent years, but it is by far the largest," the letter wrote. Sens. Patrick Leahy, Al Franken, Elizabeth Warren, Richard Blumenthal, Ron Wyden, and Edward Markey signed the letter, dated Tuesday. The senators also requested a briefing to senate staffers on its incident response and how it intends to protect affected users.

  1. No authority by mveloso · · Score: 5, Insightful

    The Senate has no authority over Yahoo. Why does the Senate care how long it takes to report a data breach?

    If they want, they can write a law and grant that authority to an agency.

    1. Re:No authority by 110010001000 · · Score: 3, Insightful

      "If they want, they can write a law and grant that authority to an agency."

      Yes. That is the next step.

  2. Apparently it's different when the NSA does it by Anonymous Coward · · Score: 2, Insightful

    That means millions of Americans' data may have been compromised for two years.

    Perhaps you and I have differing ideas of what constitutes "compromised." It seems you don't see it as compromising when the government does it - even without permission or oversight and with constant lies about it. Why is that? It's also the case that our data have been compromised for nearly two decades. Perhaps you should call for the end to the unethical, immoral, and unconstitutional spying instead - which you can actually do something about.

    This isn't to absolve Yahoo! of its wrongdoing. It certainly should have been more diligent in disclosure. But to me, the differences are pretty clear. You could never have done business with Yahoo! and while it sucks a lot for the people harmed, you can not do business with Yahoo! in the future as well. Once the data's out there, the harm's pretty much been done. There's not a lot that anybody can do regardless of being notified or not. They can change their passwords and hope the effort is too much to make them interesting.

    The NSA, on the other hand... you can't avoid "doing business" with them in the past or in the future, the data's been sucked up for decades (and this is going to start causing some serious shadow problems within the next 15-30 years as the previous generation(s) of lawmakers, law enforcers, and law upholders dies off - information never stopped being power and that means that the NSA has significant leverage on anyone and everyone), and no amount of anything you can personally do except go find a remote forest and forage out of it is going to protect you.

    This idea that the government is going to save us from anything by forcing a company to be a bit swifter on the uptake is repugnant.