updated 05:18 pm EDT, Sun May 25, 2014
Ebay initially thought user data was safe, three states launch probe
Three states have launched an investigation into Ebay's security measures after the auction site announced a widespread breach in its system last week. The breach, which occurred in late February into early March, saw the personal data of approximately 145 million Ebay users accessed. Connecticut, Florida and Illinois have joined together to take part in the investigation.
Attorney generals for the three states will be looking into the circumstances that allowed the data breach, as well as the protocols and practices for storage. Statements have been released from two of the states, Connecticut and Florida, indicating their intent due to the severity of the information obtained.
"My office will be looking into the circumstances surrounding this breach, as well as the steps Ebay is taking to prevent any future incidents," said Connecticut Attorney General George Jepsen in a statement.
Information about the attack has been sparse since Ebay announced it, leaving customers to wonder how far the information theft goes. Taking the matter to heart, especially considering the growing number of high profile customer data thefts, the states are taking a proactive approach to protecting citizens.
"The magnitude of the reported Ebay data breach could be of historic proportions, and my office is part of a group of other attorneys general in the country investigating the matter," said Florida Attorney General Pam Bondi. "We must do everything in our power to protect consumers' personal information."
New York Attorney General Eric Schneiderman has also chimed in on the breach, requesting that Ebay put free credit monitoring in place for people affected. No plans to join the probe were mentioned in his statement.
The breach, which contained no financial information according to Ebay, was not initially thought of as putting user data at risk when the intrusion was first detected two weeks ago. In a statement to Reuters, Global Marketplaces chief Devin Wenig said that "for a very long period of time, we did not believe there was any Ebay customer data compromised." However, once it was discovered information obtained went further than employee accounts, the company moved "swiftly" to disclose the threat to the public.
Issues have surrounded attempts to change passwords since the announcement was posted to the corporate website and social media announcements were made. Many users have still not received emails regarding the breach and subsequent password change notification. However, those emails should still be on the way.
"You would imagine that anyone who has ever touched eBay is a large number," said Wenig. "So we're going to send all of them an email, but sending that number all at once is not operationally possible."
Just to let everyone know, it will take some time for every eBay user to get our reset email. You can still go to eBay to change password.- eBay Inc. (@ebayinc) May 22, 2014