SUNNYVALE — Yahoo’s former CEO Marissa Mayer refused several times to testify before Congress about the hack that affected all three billion Yahoo accounts, but a subpoena finally compelled her to speak.
That’s according to a new report that’s disputed by Mayer. She was scheduled to testify Wednesday morning at a Senate Commerce Committee hearing titled, “Protecting Consumers in the Era of Major Data Breaches.” The hearing began at 7 a.m. PST (10 a.m. EST).
Yahoo, before it was bought by Verizon for $4.5 billion in June, announced last year that at least half a billion user accounts had been accessed in a data breach. Then Yahoo announced that there had been another hack, affecting more than a billion accounts. That wasn’t the end of it. In October, Verizon in a regulatory filing revealed that the hack of more than a billion accounts was actually a hack of three billion — every single Yahoo account in the world had been breached.
In October, Mayer was hit with a subpoena to compel her to give testimony to the Commerce Committee about the 2013 three-billion-account breach, according to The Hill.
“The committee issued the subpoena on Oct. 25 after Mayer declined multiple requests to testify voluntarily, even after being threatened with legal action,” The Hill reported Tuesday. “Following the subpoena order, Mayer’s representative told the committee that she would comply and testify before the committee.”
A representative for Mayer disputed that description of events, and said she was appearing voluntarily.
“According to her spokesperson, there was a back and forth with Mayer’s representatives and the committee in which she stressed that she was not the best witness for the most recent 2017 disclosure of the 2013 breach in which 3 billion Yahoo accounts were compromised,” according to The Hill. “After it was confirmed that a representative from Verizon would also testify, Mayer agreed to appear; however, the subpoena had already been issued at this point.”
The committee’s chairman, Republican Sen. John Thune, had previously criticized Yahoo after Verizon revealed the true scale of the hack.
“After a breach, affected consumers expect organizations that failed to safeguard sensitive information to be forthcoming about potential risks and explain how they plan to meet their obligations to mitigate damage that may not be known for months or years,” Thune said in October.
In late 2016, Yahoo in a regulatory filing had revealed that the company had known in 2014 about the hack of at least a half billion accounts, but did not reveal it to the public or investors until 2016. Mayer, who led the firm during the data breaches and resigned in June, was to receive a $23 million golden parachute after leaving Yahoo.
Wednesday’s hearing also features Richard Smith, former CEO of Equifax, the credit reporting agency that allowed criminal hackers to steal extremely private personal data from up to 145.5 million Americans.