U.S. Senator Richard Blumenthal (D-CT) has called for Congress to enact data breach and security legislation following Yahoo’s Thursday disclosure of a 2014 data breach.
The breach affected well over 500 million users, making it the largest publicly disclosed data breach in history to date. The company had known about the breach since 2014 and did not disclose it to its users, something the senator took particular exception to, calling it a “blatant betrayal of users’ trust.”
All Yahoo had to do, at a minimum, was ask users to reset their passwords when the company first found out about the breach, Blumenthal said.
“Asking users to reset their passwords when it first learned of the breach would have been a simple and effective step at mitigating any risk to accounts and protecting consumer data,” he said in a statement released on Thursday night.
The senator said Yahoo’s failure to coordinate with law enforcement when it found out about the hack in August was unacceptable.
“If Yahoo knew about the hack as early as August, and failed to coordinate with law enforcement, taking this long to confirm the breach is a blatant betrayal of their users’ trust. E-mail accounts can be a trove of sensitive personal information.”
Sneaky Tactic by Yahoo to Boost Valuation
Blumenthal said Yahoo may have concealed information regarding the hack as a sneaky tactic to boost its profile in its pending acquisition by Verizon, calling for stiff sanctions.
“…only stiffer enforcement and stringent penalties will make sure companies are properly and promptly notifying consumers when their data has been compromised. As law enforcement and regulators examine this incident, they should investigate whether Yahoo may have concealed its knowledge of this breach in order to artificially bolster its valuation in its pending acquisition by Verizon.”
Yahoo released a statement claiming the hack occurred as early as 2014; however, a hacker calling himself “Peace” claimed to have hacked at least 200 million Yahoo accounts in 2012, which he was selling for $1,800.
The Federal Bureau of Investigation told CNN Money that the bureau is investigating the hack:
“The FBI is aware of the intrusion and investigating the matter. We take these types of breaches very seriously and will determine how this occurred and who is responsible. We will continue to work with the private sector and share information so they can safeguard their systems against the actions of persistent cyber criminals.”