Senators ask Google to explain delay in disclosing vulnerability that affected 500,000 users

  • Three influential Republican U.S. senators on Thursday asked Alphabet-owned Google to explain why it chose to delay disclosing vulnerabilities with its Google+ social network.
  • Google disclosed that private profile data of at least 500,000 users may have been exposed to hundreds of external developers.
The Google Plus (G+, or Google +) social network logo.
Adam Berry | Getty Images
The Google Plus (G+, or Google +) social network logo.

On Thursday, three influential Republican U.S. senators asked Alphabet's Google to explain why it chose to delay disclosing vulnerabilities with its Google+ social network.

Google said this week it would shut down the consumer version of Google+ and tighten its data-sharing policies after disclosing that private profile data of at least 500,000 users may have been exposed to hundreds of external developers.

Senators John Thune (R-S.D.), Roger Wicker (R-Miss.), and Jerry Moran (R-Kan.) addressed a letter to Google CEO Sundar Pichai asking for details and documentation around the security bug, including a copy of an internal memo quoted by The Wall Street Journal that showed that leadership was concerned that disclosing it would cause a potential privacy scandal. The senators asked that Google answer its questions no later than October 30.

The internal memo, written by Google's legal and policy staff, warned that news of the bug would cause "immediate regulatory interest," draw comparison's to Facebook's Cambridge Analytica data scandal, and force Pichai to testify before Congress.

Although Google may not have been legally required to disclose the incident since it involved data "exposure" rather than a data "breach," the three senators say that the cover-up was concerning.

"As the Senate Commerce Committee works toward legislation that establishes a nationwide privacy framework to protect consumer data, improving transparency will be an essential pillar of the effort to restore Americans' faith in the services they use," the letter reads. "It is for this reason that the reported contents of Google's internal memo are so troubling."

The letter also says that the senators are "especially disappointed" that Google's chief privacy officer, Keith Enright, didn't didn't provide any information about the security hole to the Senate even though he had appeared at a committee hearing on privacy only two weeks prior.

— Reuters contributed to this report.