Nov. 8 (UPI) — The Senate’s commerce committee sought answers from Equifax and Yahoo executives Wednesday over the companies’ massive data breaches this year.
Those interviewed by the committee included Interim Equifax CEO Paulino do Rego Barros Jr., former Equifax chief Richard Smith and former Yahoo CEO Marissa Mayer.
They answered questions about the Equifax breach in September and Yahoo’s in March. Other witnesses included Verizon Chief Privacy Officer Karen Zacharia and Entrust Datacard President Todd Wilkinson.
Equifax revealed that hackers had gained access to sensitive information of 143 million U.S. consumers. Six months earlier, Yahoo was targeted for the second time in four years in an attack that compromised more than 3 billion email accounts.
Barros apologized, and Mayer blamed Russian influences for the cyberattacks against Yahoo.
“Yahoo worked closely with law enforcement, including the Federal Bureau of Investigation, who were ultimately able to identify and expose the hackers responsible for the attacks,” she said.
“Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users’ data.”
Although Mayer testified that the 2014 breach was state-sponsored, Yahoo still hasn’t concluded who was responsible for the 2013 hack.
Lawmakers said rigorous security rules are needed to counter the hacks and that companies need “extreme” limits to protect customers’ privacy.
“It’s going to take an attitude change among companies such as yours, that we’ve got to go to extreme limits to protect our customers’ privacy,” Sen. Bill Nelson, D-Fla., said.
“Companies that collect and store personal data on American citizens must step up to provide adequate cybersecurity,” Sen. John Thune, chairman of the committee, said. “And there should be consequences if they fail to do so.”
Zacharia noted two items that should appear in data breach legislation — a national framework to provide a response standard to an attack, and compliance for notifying customers.
Barros mentioned that Equifax is working on an application that would let customers lock and unlock personal credit data. He said the app is in development and may be released in January.