Breach triggers ICO investigation at eBay

24 May 2014

The UK Information Commissioner's Office (ICO) said it was looking into the eBay break-in, that led the company to issue password change notices to users on Wednesday.

The office is contemplating launching a full investigation into the cyberattack that resulted in hackers gaining access to a database holding encrypted passwords and customer names, email addresses, physical addresses, phone numbers and dates of birth that were not encrypted.

''We're certainly looking at the situation,'' Christopher Graham the Information Commissioner told BBC Radio 5 live. ''We have to work with colleagues in Luxembourg where eBay is based for European purposes. We were in touch with the Luxembourg data protection authority yesterday.''

Three separate investigations were already underway in three US states into the data breach at eBay.

The US Federal Trade Commission which had been described as having "eye-watering powers to deal with American companies" had also launched investigations.

The Guardian quoted a company spokesperson as saying the company had relationships with and had proactively contacted a number of state, federal, and international regulators and law enforcement agencies.

He added the company was fully cooperating with the agencies on all aspects of the incident.

Meanwhile, Graham told Sky News that while he did to want to pre-empt a formal inquiry.

Sony had earlier been fined £250,000 for its data breach by his team.

The commissioner cautioned users against phishing emails that might appear to be from eBay and to change their password only the eBay website.

In the US, Connecticut attorney general George Jepsen advised eBay users along similar lines and also warned that his office would be looking into the breach, ''as well as the steps eBay is taking to prevent any future incidents''.

Investigations into the hack had also been launched in Florida and Illinois and New York's AG Eric Schneiderman called for the online marketplace to provide free credit-monitoring services to its users.

He said the news that eBay had discovered a security breach involving customer data was deeply concerning.

He added, New Yorkers and eBay customers across the country trusted that retailers would protect their personal information when they shopped online.