The company revealed that a “state-sponsored actor” stole data associated with some 500 million accounts from its servers in late-2014.
Warner, a former technology executive, is a member of the Senate Intelligence and Banking Committees and co-founder of the bipartisan Senate Cybersecurity Caucus.
Russian hackers are suspected to be behind the attack, sources familiar with the matter recently told ABC News. Yahoo has not commented on that detail.
Meanwhile, shortly after the breach announcement, a source familiar with the matter told ABC News that Yahoo launched an internal investigation "following a report earlier this summer [July 2016] of a hacker indicating that 280 million user credentials were for sale on the black market."
According to the source, the company "found no evidence to substantiate the hacker’s claims," but when an internal security team broadened the scope of its investigation, “they identified evidence of the theft by a state-sponsored actor occurred in 2014.”
Yahoo noted on Friday that "a recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from our systems in late 2014 by what we believe is a state-sponsored actor. Our investigation into this matter is ongoing and the issues are complex."
"Some things, however, are clear: Yahoo has never had reason to believe there is any connection between the security issue disclosed yesterday [Sept. 22] and the claims publicized by a hacker in August 2016. Conflating the two events is inaccurate.”
Late on Friday, The Wall Street Journal, citing an unnamed source, reported that Yahoo "detected hackers in their systems in fall 2014 who they believed were linked to Russia and were seeking data on 30 to 40 specific users of the company’s online services."
The Journal reported that the person being cited did not "know whether that attack led to the theft of information on 500 million user accounts."
The timing of the attack and its disclosure has raised questions about whether Yahoo has violated securities laws, which require publicly-traded companies to disclose information that has the potential to sway markets.
Yahoo filed a Form 8-K hours after it announced the data breach on the afternoon of Sept. 22. Regulations require that a Form 8-K be submitted within four business days of an event that is material to investors.
At market open on Monday, Yahoo’s stock had lost about 3.75 percent of its value since its opening on Sept. 22 -- the day the hack was announced.
“Yahoo’s September filing asserting lack of knowledge of security incidents involving its IT systems creates serious concerns about truthfulness in representations to the public,” Warner said in the letter, dated today. “The public ought to know what senior executives at Yahoo knew of the breach, and when they knew it.”
Yahoo did not immediately respond to ABC News' request seeking comment on Warner’s request to the SEC.
Verizon declined to comment to ABC News on the matter.
The SEC declined comment and would not confirm or deny whether there is an investigation.
Yahoo is a content partner of ABC News.
ABC News’ Mike Levine and Pierre Thomas contributed to this report from Washington.
Editor's note: This story has been updated to reflect that a source said that Yahoo launched an internal investigation following hacker claims in July 2016, which ultimately led investigators to discover evidence of the breach revealed last week. A previous version of this story stated that the discovery of the breach was in July 2016. It is not clear when exactly the discovery was made.