clock menu more-arrow no yes mobile

Filed under:

Former Yahoo CEO Marissa Mayer has been subpoenaed to testify to Congress about the company’s 2013 security breach

So she’ll testify at a Tuesday hearing after all!

Former Yahoo CEO Marissa Mayer Kimberly White/Getty Images for Fortune

Senate lawmakers quietly subpoenaed former Yahoo CEO Marissa Mayer in October in order to compel her to testify before a key committee that’s investigating a 2013 security breach at the tech giant that has affected three billion of its users.

Initially, Mayer’s representatives declined to make her available to appear before the powerful Senate Commerce Committee, which is set to convene a hearing on Tuesday that explores the attack on Yahoo as well as a separate, later 2017 incident at credit-monitoring agency Equifax, which affected more than 145 million Americans.

Both the panel’s chairman, Republican Sen. John Thune, and its top Democratic lawmaker, Sen. Bill Nelson, agreed on the subpoena, according to a panel spokesman. In response, Mayer told the committee she would testify at the hearing, the spokesman said, but the subpoena remains in effect.

The Hill first reported on details of the subpoena. Spokespeople for Nelson as well as Mayer, Verizon and Yahoo’s new entity, Oath, did not immediately respond to emails from Recode seeking comment.

That brouhaha could result in an especially uncomfortable grilling for Mayer at the Senate’s data security hearing. Thune initially called the session after Yahoo, now part of Verizon, revealed that a 2013 cyber attack on the company affected three billion of its users — three times its initial estimate.

Lawmakers’ other target is Equifax: The Senate Commerce Committee is focused on a 2017 incident at the credit-monitoring agency in which malefactors stole 145 million Americans’ sensitive data, including their home addresses and even some credit card numbers.

For some on the panel, though, the added issue with Equifax is its slow, widely criticized response to the security breach, not to mention later revelations that Equifax’s own consumer-help websites had been affected by malware.

In a statement this October, Thune stressed the hearing would give “the public the opportunity to hear from those in charge, at the time major breaches occurred and during the subsequent response efforts, at two large companies who lost personal consumer data to nefarious actors.”

Some lawmakers, however, are sure to use the hearing to call for greater regulation — not only in the way that companies collect and secure data but also the means by which they inform and help consumers in the event of a security breach. In recent months, Equifax and its peers in the industry have ramped up their lobbying efforts in Washington, D.C. to stave off such rules and restrictions.

This article originally appeared on