In a letter to Zoom CEO Eric Yuan today, Sens. Elizabeth Warren (D-MA) and Ed Markey (D-MA) raised new concerns about the service’s safety and privacy policies amid unprecedented consumer usage of the product in education and elsewhere. The letter pays particular attention to users under the age of 13 who are subject to special privacy protections under the Children’s Online Privacy Protection Act (COPPA).

The letter details a number of Zoom’s recent security and privacy issues, including the recent “Zoombombing” harassment attacks and its iOS app inadvertently sharing data with Facebook.

“We appreciate your announced intention to address each of these issues,” the letter reads, “but it is alarming that Zoom allowed these security breaches to affect millions of users and did not identify or resolve them until they became public.”

“it is alarming that Zoom allowed these security breaches to affect millions of users”

Yuan has acknowledged that Zoom was unprepared for the surge in non-enterprise users. “Clearly we have a lot of work to do to ensure the security of all these new consumer use cases,” Yuan said in a public live stream on Wednesday. “But what I can promise you is that we take these issues very, very seriously.”

Reached for comment, Zoom reiterated that commitment. “We appreciate the outreach we have received from various elected officials and look forward to engaging with them,” the company said in a statement. “We take user privacy, security, and trust extremely seriously.”

As an enterprise app, Zoom was not built with underage users in mind, and the company’s privacy policy notes that it does not “knowingly allow children under the age of 16 to sign up for their own accounts” — although there is a special provision for the Zoom Education service. Still, Warren and Markey point out that the surge in usage makes it likely that many teachers have ended up using the free service as an emergency measure. Zoom also collects various data from free users, making it plausible that children’s data may have been collected by the app.

In light of those concerns, Warren and Markey ask Yuan for detailed and specific information on the company’s data practices and security history. In particular, the senators ask for a full recounting of any data breaches the service has experienced as well as all of the reported incidents of Zoombombing in a classroom context. The senators also ask for broader information about how Zoom is working to maintain compliance with COPPA.

The letter comes amid an unprecedented surge in scrutiny for the app, which had been largely restricted to enterprise users before the COVID-19 pandemic. Yesterday, Markey called on the Federal Trade Commission to set official privacy standards for videoconferencing tools, a potential sign of escalating regulation in the space.

1:12PM ET: Updated with a statement from Zoom.