State, federal authorities eye eBay breach

By Chad Hemenway on May 23, 2014

EBay’s most recent cyber attack has drawn the attention of at least several state attorneys general as well as federal authorities and lawmakers.

Connecticut, Florida and Illinois said they are investigating the cyber attack as eBay urged its 145 million users to change their passwords. The FBI said they are also investigating, and the Federal Trade Commission will look into it.

“The magnitude of the reported eBay data breach could be of historic proportions, and my office is part of a group of other attorneys general in the country investigating the matter,” said Pam Biondi, Florida attorney general. “We must do everything in our power to protect consumers’ personal information.”

The breach occurred between late February and early March, but was first realized two weeks ago, said eBay.

The company did not offer many details about the cyber attack but did say in credentials were compromised, which made accessible a database holding customer names, passwords, email addresses, physical addresses, phone numbers and dates of birth.

However, eBay said it has seen no evidence of increased fraudulent account activity or any unauthorized access to financial or credit-card information.

“The news that eBay has discovered a security breach involving customer data is deeply concerning,” said New York Attorney General Eric T. Schneiderman. “New Yorkers and eBay customers across the country trust that retailers will protect their personal information when they shop online. Our office has asked and fully expects eBay to provide free credit monitoring services to customers impacted by this breach.”

Ebay said it continues to investigate the data breach and it cooperating with authorities and security experts.

Christopher Graham, UK’s information commissioner, said: “We’re actively looking at this situation, with a view to launching a formal investigation.”

Thus far the commissioner’s office has been assisting Luxembourg, eBay’s European headquarters, said Graham in a blog.

“This needs to be a wake-up call to all of us, ” he wrote. “It’s a wake-up call to government that the 20-year-old data protection laws are showing their age. But most of all it’s a wake up to businesses. Cyber crime is real. Hacking is real. Responsible companies have got to act to keep their customer information safe, and if they don’t, they’ll find they’re not just in trouble with the Information Commissioner, but they’re in trouble with customers too.”

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or chemenway@advisen.com.