Former Yahoo Chief Executive Marissa Mayer apologized on Wednesday for the two massive data breaches at Yahoo that occurred during her tenure and resulted in 3 billion credentials being stolen, blaming Russian agents for at least one of the breaches.
“Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users' data,” Mayer said in her testimony before a Senate Commerce, Science and Transportation hearing.
She went on to cite the 47-count indictment charging four individuals with crimes against Yahoo and its users brought forth by the U.S. Department of Justice and FBI.
It's important to note that Mayer testified that collaboration between public and private sector is necessary to properly defend U.S. companies from attacks, Jeff Dennis, Managing Partner at law firm Newmeyer & Dillion told SC Media.
"The biggest takeaway from Ms. Mayer's testimony yesterday was an admission that large companies (such as Yahoo) that tout a robust cybersecurity defense, are still vulnerable to cyber attacks from powerful nation states, such as Russia and/or China," Dennis said. "Ms. Mayer correctly identified the cyber threat as “constantly evolving” and a “global challenge.” At one point, Ms. Mayer described the evolution of cyber attacks and defense as an “arms race” that was not a fair fight between nation states and private U.S. companies."
Even though the attack appears to have come from a foreign state, Dennis said the testimony still leaves questions concerning how much responsibility Yahoo should have taken or at least if it should have been aware of the threat sooner. Dennis said he also would have liked to have known what kind of cyber insurance Yahoo had in place to handle risks associated with nation states.