By Rob Tricchinelli, Bloomberg BNA
The Securities and Exchange Commission should scrutinize whether Yahoo! Inc. adequately disclosed the widespread data breach it suffered in 2014, Sen. Mark Warner (D-Va.) said on Monday.
“The public ought to know what senior executives at Yahoo knew of the breach, and when they knew it,” Warner said in a letter to SEC Chairman Mary Jo White.
More than half a billion user accounts were affected by the 2014 breach, which was made public by the company Sept. 22. The breach contained user names, email addresses, phone numbers, encrypted passwords and some unencrypted security questions and answers.
Yahoo learned in July of a potential breach, but didn’t file a disclosure form telling the public about it, Warner noted.
“I encourage you to evaluate the adequacy of current SEC thresholds for disclosing events of this nature,” Warner, cofounder of the Senate Cybersecurity Caucus, wrote.
He also asked whether Yahoo timely notified Verizon Communications Inc., which is planning to acquire Yahoo’s core internet assets for $4.83 billion. The deal hasn’t been finalized.
Yahoo users have already filed class actions against the company related to the breach.
The SEC declined to comment.
To contact the reporter on this story: Rob Tricchinelli in Washington at firstname.lastname@example.org.
To contact the editor responsible for this story: Phyllis Diamond at email@example.com.