eBay Data Breach: Class Action Suit Alleges Negligence

Data breaches that impact customers are costly in many ways. They are costly to cleanup. They are costly in the erosion of their customer’s confidence and business. They can kill e-Commerce.

Increasingly, data breaches are costly in legal liabilities. The latest example is a class action suit filed against eBay on behalf of customers whose personal information was exposed in data breach revealed last May. The suit was filed in US Federal court by Collin Green of Louisiana

The period of exposure was between, February and March, but has not been precisely confirmed. According to the suit, identify thieves gained unauthorized accessed to customer’s personal data, including customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth.

The suit accuses of eBay of negligence, including an allegation that e-Bay used an unsafe method of encrypting passwords. It asserts eBay should be aware that the hash method of encryption is far superior to what they had implemented.

In May, eBay requested that 145 million customers change their passwords to limit their exposure to harm. eBay has been criticized for delaying informing customers of the breach until after the story had already leaked to the press. This increased the period of customer exposure to financial fraud that might be prevented.

With 145 million potential victims, the eBay data breach is arguably the largest data breach in history. It exceeds the 100 million Target customers whose cardholder information was compromised last Fall.

What can you do?

Endpoint Security measures antivirus, personal firewall, web site vulnerability testing and penetration testing are all essential to avoid data breaches. According to the Verizon Data Breach report in 2012, a majority of data breaches occur because Point of Sale systems do not even include basic protections such as antivirus scanning and firewall protection.

Consumers need use antivirus and personal firewalls to ensure they are protected, but increasingly have to be on alert for the signs of identity theft and keep up with the latest news, such as on the e-Bay and Target data breaches.