An internal investigation found Ms Mayer and her team reacted too slowly to a breach discovered in 2014.
The Yahoo board said it had decided to withhold a cash bonus worth up to $2m (£1.6m) from the chief executive while she had offered to give up a separate annual stock award, typically worth millions.
Ms Mayer said she would like her bonus to be distributed to Yahoo’s entire 8,500-strong workforce, but the board did not say whether it would do so.
Meanwhile, Yahoo’s general counsel Ronald Bell has resigned without severance pay over his department’s response to the security lapses.
The company’s investigation found that its security team uncovered evidence that a hacker backed by an unnamed foreign government had pried into user accounts in 2014.
But it said executives “failed to act sufficiently” on the knowledge and at the time notified only 26 people that their accounts had been breached.
Yahoo did not more widely disclose the 2014 breach until last September, when it began notifying 500 million users that email addresses and other personal information had been stolen.
Three months later, the company revealed that it had uncovered a separate hack in 2013 affecting about a billion accounts, some of which were also hit in 2014.
The episode has already exacted a heavy financial toll on Yahoo.
It has knocked $350m (£285m) off the price for the sale of its core internet business to telecoms giant Verizon to account for a potential backlash from the breaches, reducing it from $4.83bn to $4.48bn.
More than 40 lawsuits have been filed seeking damages for the breaches, and a successor company called Altaba set to emerge after the Verizon deal will face responsibility for any resulting payout.
Yahoo’s handling of the matter is also under investigation by regulators.
It says it has spent $16m (£13m) investigating the breaches and covering legal expenses so far.
Ms Mayer said in a blog post that she had not learnt about the scope of the incident until last September and had then tried to set things right.
“However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant,” she said.
Ms Mayer is still eligible for a $44m (£36m) severance package if she does not go to work for Verizon after the sale closes.