eBay to face formal investigations over data breach
Attorneys general in three states in the US are looking into the hack, and an official in the UK is considering a formal probe.
Lance WhitneyContributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Reacting to the news, the attorneys general of Connecticut, Florida, and Illinois will launch a joint investigation, Jaclyn Falkowski, a spokeswoman for Connecticut Attorney General George Jepsen, told CNET.
"Our office has been in contact with the company, and our inquiry will focus on the measures the company had in place in regards to the security of personal information prior to the incident, the circumstances that led to the breach, how many users were affected, the company's response to the breach and what measures the company is taking to prevent future incidents," Falkowski said.
In a request for comment about the joint state investigation, a spokeswoman for eBay sent CNET the following statement:
"We have relationships with and proactively contacted a number of state, federal, and international regulators and law enforcement agencies. We are fully cooperating with them on all aspects of this incident."
There are "millions of UK citizens affected by this, and we've been clear that we're monitoring it, but by taking the wrong action under the law now we risk invalidating any investigation." a spokesman for the Information Commissioner's Office told the BBC.
"The news that eBay has discovered a security breach involving customer data is deeply concerning," Schneiderman said on his website. "New Yorkers and eBay customers across the country trust that retailers will protect their personal information when they shop online. Our office has asked and fully expects eBay to provide free credit monitoring services to customers impacted by this breach."
The eBay database containing customer names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth was compromised in late February and early March. The company reportedly only recently became aware of the hack.
eBay has been criticized for not directly informing users of the breach. But in a tweet posted on Thursday, the company said that an email is headed for each user.
"Just to let everyone know, it will take some time for every eBay user to get our reset email. You can still go to eBay to change password."