Lawmakers on the Senate Commerce Committee are slamming Yahoo for failing to answer questions regarding data breaches that affected at least one billion account holders.
"Despite several inquiries by committee staff seeking information about the security of Yahoo user accounts, company officials have thus far been unable to provide answers to many basic questions about the reported breaches," Sens. John Thune (R-South Dakota) and Jerry Moran (R-Kansas) write in a letter to Yahoo CEO Marissa Mayer.
The lawmakers also said Yahoo raised concerns about its "willingness to deal with Congress with complete candor" by canceling a staff briefing last month.
The senators' letter addresses major security breaches that occurred in 2013 and 2014. In August or 2013, hackers obtained data that may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and security questions connected to up to 1 billion Yahoo accounts. The following year, hackers stole similar data associated with as many as 500 million accounts.
Yahoo didn't disclose eitherbreach until last year.
Thune and Moran are now asking Yahoo to provide additional details about the breaches and their aftermath, including what steps the company has taken to notify users and mitigate any harm to them.
The lawmakers also are asking Yahoo for a "detailed timeline" of the data breaches, including the company's discovery of the breach to its efforts to notify law enforcement and users about the incidents.
Thune and Moran aren't the first ones to question Yahoo's handling of the data breaches. Last September, six Democratic senators told Mayer the lengthy lag time between the 2014 data breach and its disclosure to consumers was "unacceptable."
"Millions of Americans' data may have been compromised for two years," Sens. Patrick Leahy (Vermont), Ed Markey (Massachusetts), Elizabeth Warren (Massachusetts), Richard Blumenthal (Connecticut), Ron Wyden (Oregon) and Al Franken (Minnesota) wrote" last September. "This is unacceptable."
Yahoo also is facing a probe by the Securities and Exchange Commission, which said last month that it is investigating whether the company waited too long to notify investors about the hacks. Last November, Yahoo disclosed in an SEC filing that some employees knew about the 2014 data breach the same year it occurred.