The network was shut down after Google was forced to go public about the leak following an article in The Wall Street Journal. The letter was sent on Thursday, US time, and a reply has been sought by 30 October.
The three senators — John Thune, chairman of the Committee on Commerce, Science and Transportation; Roger Wicker, chairman of the subcommittee on Communications, Technology, Innovation and the Internet; and Jerry Moran, chairman of the subcommittee on Consumer Protection, Product Safety, Insurance and Data Security — also asked Pichai to provide details of how and when Google became aware of the vulnerability and what actions it took to remedy the flaw.
The WSJ report said Google kept quiet about the leak which occurred between 2015 and March 2018 when it was found and fixed. Google said the affected data was limited to static optional Google+ profile fields including names, email addresses, occupations, gender and age.
Thune, Wicker and Moran also asked Pichai to commit to informing the committees they represented if Google found evidence of misuse of data that had leaked from Google+. On the day the leak was announced, the company claimed it had found no evidence of misuse of leaked data.
Pichai was also asked why Google had chosen to keep mum about the discovery of the flaw, whether it had disclosed the issue to any federal agencies before the public disclosure, whether there were similar incidents that had not been publicly disclosed, and whether he (Pichai) believed that users of free Google services should enjoy the same level of notification and mitigation in the event of data breaches as paid G Suite subscribers were afforded.
The internal memo was said to have warned that disclosure of the leak would lead to "immediate regulatory interest" and result in comparisons with Facebook's leak of user details to data analytics firm Cambridge Analytica which came to light in March, the same month that the Google+ leak was discovered.
Cambridge Analytica was forced to shut its doors in May.
Thanks to ZDNet for a link to the letter.