Image copyright Getty Images Image caption Interim boss of Equifax Paulino Barros, former chief of Equifax Richard Smith, and former Yahoo boss Marissa Mayer testify. Initially, Yahoo estimated that a billion users had been affected, but in October 2017, it acknowledged that hackers actually compromised three billion accounts. A representative for Mayer said on Tuesday she was appearing voluntarily.
In March, federal prosecutors charged two Russian intelligence agents and two hackers with masterminding a 2014 theft of 500 million Yahoo accounts, the first time the USA government has criminally charged Russian spies for cyber crimes. Thune also pressed Equifax's former CEO Richard Smith and interim CEO Paulino Barros on Equifax's known security vulnerabilities that led to its recent data breach and how the company is now addressing these issues.
"We work according to the law and use the tools that the industry uses to have arbitration in place", Barros said, referring to consumers' ability to sue Equifax.
Barros told the committee he has focused on improving customer service and revising the company's structure so that the company's chief security officer reports directly to him.
When Barros agreed to accept the job, "some of my family and friends thought I was insane for accepting the challenge", he said.
"Do you think it's right?" The consulting firm, Mandiant, said the tactics aren't familiar.
Some lawmakers said they want companies to face more serious liabilities in the event of attacks.
The current and former chief executives of credit bureau Equifax, which disclosed in September that a data breach affected as many as 145.5 million USA consumers, said they did not know who was responsible for the attack.
Mayer noted that after Yahoo discovered the first hacks in late 2016, Yahoo required all of its users to change their passwords if they hadn't, and scrapped old security questions.
Lawmakers on both sides of the aisle have pummeled Equifax and Yahoo. "This hearing will give the public the opportunity to hear from those in charge, at the time major breaches occurred and during the subsequent response efforts, at two large companies who lost personal consumer data to nefarious actors".
"Companies that collect and store personal data on American citizens must step up to provide adequate cybersecurity", Senator John Thune, chairman of the Commerce Committee, said in remarks for the hearing.