Google said this week it would shut down the consumer version of Google+ and tighten its data sharing policies after revealing that the private profile data of at least 500,000 users may have been exposed to hundreds of external developers.
The letter from Senator John Thune, who chairs the Commerce Committee, and two other senators who chair subcommittees - Jerry Moran and Roger Wicker - asked Google to explain a reported delay in disclosing the issue.
"Google must be more forthcoming with the public and lawmakers if the company is to maintain or regain the trust of the users of its services," the letter said.
The company did not immediately comment.
The letters asked whether the vulnerability was revealed previously to any federal agencies, including the Federal Trade Commission, and if there were "similar incidents which have not been publicly disclosed?"
Google Chief Executive Sundar Pichai agreed last month to testify before a House of Representatives panel in November after meeting with lawmakers.
Thune said in an interview that the Senate may also call Pichai to testify.
On Wednesday, three Democratic senators wrote the FTC asking them to investigate Google+. In 2012, Google agreed to pay a then-record $22.5 million fine to settle FTC charges it misrepresented to Apple Safari Internet browser users that it would not place tracking "cookies" or serve them targeted ads.
Google acknowledged it had made prior mistakes in privacy issues in written testimony before the Senate Commerce Committee last month but did not disclose the Google+ issue.
The three Republicans said they were "especially disappointed" with the failure of Google's chief privacy officer, Keith Enright, to disclose the issue.
The three Republicans asked Google to turn over a memo, reported by the Wall Street Journal earlier this week, that said that a factor in not disclosing the issue earlier was that it would draw "immediate regulatory interest" and "almost (guarantee)" that Pichai would have to testify before Congress. They called the memo "troubling."
Congress and the Trump administration are looking at ways of creating new national privacy protections. Facebook Inc has acknowledged it failed to protect the data of some 87 million users that was shared with now-defunct political data firm Cambridge Analytica.
Massive breaches of data privacy have compromised the personal information of millions of U.S. internet and social media users. These include notable breaches at large retailers and credit reporting agency Equifax Inc.
(Reporting by David Shepardson; Editing by Dan Grebler and Jonathan Oatis)
By David Shepardson