"As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users", she told the Senate Commerce Committee, which had called on her and on Equifax executives to discuss their recent incidents.
While speaking to lawmakers on Wednesday, former Yahoo CEO Marissa Mayer (above) apologized for Yahoo hacks and claims that no company is immune from them. Verizon disclosed last month that a 2013 Yahoo data breach affected all 3 billion of its accounts, compared with an estimate of more than 1 billion disclosed in December.
At least 145.5 million US consumers were affected by a separate attack on credit reporting company Equifax, an attack that has already been scrutinized heavily by regulators.
On Wednesday, several senators said there should be more financial incentive for companies to prevent against hacks, as well as laws that have "teeth" when it comes to notifying consumers of breaches.
Former CEOs of Yahoo and Equifax brought apologies to Capitol Hill as they faced lawmakers with questions about the massive data breaches at their companies and what can be done to protect consumers' personal information. Richard Blumenthal of CT says enforcing punishments for data breaches on executives like Mayer could motivate companies to protect users' data. The Department of Justice and the Federal Bureau of Investigation linked it to a state-sponsored actor and four people, including two Russian intelligence officers, were charged in that attack. Both Mayer and Verizon's Zacharia listed Yahoo's response to the breach, like requiring password changes and improving its encryption.
"We describe this as arms race, hackers become ever more sophisticated and we have to become sophisticated in turn", Mayer said. Six months earlier, Yahoo was targeted for the second time in four years in an attack that compromised more than 3 billion email accounts.
"When you think of a sophisticated state actor, China or Russian Federation, your companies can't stand up against them", said Florida's Senator Bill Nelson.
There was consensus the industry and government should work together to come up with legislation for national data security and breach. He said Mayer's testimony was "important in shaping our future reactions".
Nevertheless, Yahoo still does not fully understand "how the act was perpetrated", Mayer admitted. But the suspected involvement of Russian agents in its breach shows companies still face a formidable challenge, she said.