Former Yahoo Chief Executive Marissa Mayer and ousted Equifax CEO Richard Smith appeared before Congress on Wednesday, offering explanations and apologies for how billions of user accounts and identities were disseminated through hacks at their companies.
Mayer and Smith were flanked by officials from their former companies, as Congress sought to get to the bottom of how three billion global user accounts at Yahoo and 146 million American Social Security numbers and more at Equifax were stolen by hackers.
“These thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users,” Mayer said, according to CNet.
But under questioning from the Senate Commerce Committee, she also admitted that Yahoo still doesn’t know exactly how hackers managed to steal the usernames and passwords of all of its registered users.
The picture painted by Equifax officials wasn’t much better: Smith said his company chose not to encrypt its database of Social Security numbers, driver’s license information and more, because they assumed their systems were secure enough to protect the data.
Senators questioning the CEOs were not optimistic about future security breaches.
“It’s not a question of if we’ll have another one,” Sen. Bill Nelson (D-Fla.) said, “but when.”
After years of company missteps and mounting criticism, Mayer resigned from Yahoo this June. And Smith was pushed out of Equifax in September, after his company’s breach affected some 60 percent of adults in the U.S.
After his ouster, Smith appeared before Congress in early October, calling for a public-private identity partnership to replace the Social Security number. The Social Security number remains the de facto standard for identifying a person in America, but it is in many ways an outdated and insecure system, as evidenced by the Equifax incident.
“It is time to have identify verification procedures that match the technical age in which we live,” Smith said in his last appearance before Congress.