According to a Yahoo document filed with the United States Security and Exchange Commission on Wednesday, Mayer offered to give up her 2017 annual equity award due to a 2014 security breach that exposed user information during her tenure, and the board accepted her offer. The board also determined that she would not receive a cash bonus for 2016.
"As those who follow Yahoo know, in late 2014, we were the victim of a state-sponsored attack and reported it to law enforcement as well as to the 26 users that we understood were impacted," Mayer said in a statement. "When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies. However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company's hardworking employees, who contributed so much to Yahoo's success in 2016."
In addition, Yahoo's general counsel and secretary Ronald Bell resigned from the company on Wednesday. He had been with the company since July 1999.
Yahoo hired an independent committee to look into the security breaches that occurred between 2013 and 2016 have affected at least 1.5 billion user accounts. On Wednesday, the investigation identified 32 million user accounts that were victims of forged cookies between 2015 and 2016, digital keys that allow people to access information without passwords. The forged cookies have since been nullified by Yahoo.
The committee determined some of the forged cookie incidents were tied to a 2014 hack orchestrated by a state-sponsored source. In particular, 26 specific users were targeted. Additional security measures were provided and law enforcement was notified. The investigation found no relevant information was withheld. However, the committee said senior executives did not understand the gravity and investigate the breach fully.
The board has asked the company to implement or enhance response tactics regarding hacking incidents.