Equifax and Yahoo Executives Skirt Questions at Senate Hearing zdnet.com

Zack Whittaker, ZDNet:

Marissa Mayer, who led Yahoo until she left earlier this year with a $260 million payout after the web giant was bought by Verizon, wasn’t able to tell senators how hackers were able to steal the company’s entire store of three billion user accounts during a breach in 2013.

[…]

Richard Smith, meanwhile, who retired earlier this year after the catastrophic data breach at credit agency Equifax, which affected more than 145 million Americans, couldn’t tell senators who was behind the attack.

I understand that these investigations take time, and that the people involved in these kinds of attacks try to cover their steps as best they can. What I don’t understand is how, even with prior knowledge, both Yahoo1 and Equifax2 failed to take appropriate and responsible measures. We’re allowed to click the “Install Later” button beside system updates all we want, with very few consequences; a major corporation handling unfathomable amounts of data cannot take that risk. So why did they?

  1. Yahoo experienced several security breaches prior to the 2013 one that affected three billion accounts, and several after that as well. ↥︎

  2. A known vulnerability was used to breach Equifax’s systems. ↥︎