eBay data breach sparks lawsuit

News by Bertram on July 29, 2014 add comment 433 views

Disgruntled customers seek damages.

eBay faces a class action lawsuit after a high-profile data breach forced customers to reset their passwords and the company attracted criticism for its tardiness in alerting customers.

US citizen Collin Green has filed a consumer privacy class action suit in US District Court accusing the e-commerce company of failing to secure private information.

The suit noted that eBay “holds personal information of more than 120 million active customers in electronic files,” and because the company didn’t protect the data properly it “has caused, and is continuing to cause, damage to its customers.”

The claim also provided a litany of information that eBay collects and stores — from credit card, shipping and location data to statistics on page views, mobile phone numbers and community discussions — that could be used for identity theft.

It also chided eBay for informing customers only after the breach had been widely reported noting that the company was well aware of reporting requirements and that it not only failed to protect data but withheld notifying customers in an attempt to avoid negative market perception.

“eBay’s profit-driven decision to withhold its security lapse further damaged the class members who were prevented from immediately mitigating the damages from the theft,” the suit claims.

The combined claims of the proposed class members exceed US$5 million (A$5.32 million) exclusive of interest and costs.

In May, eBay reported that hackers had accessed a database containing customer names, emails and physical addresses but advised that there was no evidence that financial or credit card information had leaked. It asked customers to reset their passwords.

Daily deals website Catch of the Day also recently revealed it had suffered a serious data breach in 2011 that led to customer passwords and a number of credit card details being stolen.

Catch of the Day only informed customers of the data breach earlier this month advising that “technological advances” meant there was an increased risk of the stolen hashed passwords becoming compromised.