Last week, internet giant Ebay hit the headlines for all the wrong reasons, after it announced that it had had no choice but to report a serious data breach by online hackers, despite the attack actually taking place in February of this year. Some 145 million user records were apparently accessed by hackers and as a consequence, Ebay has had to advise all of its customers to immediately change their passwords.
This latest security breach will not only go down in history as one of the biggest breaches ever, but, it also raises serious concerns about the long term effects. Whilst Ebay says no financial information was taken, nevertheless, the hackers most likely have obtained not only individual passwords, but also names, addresses and telephone numbers which could lead to identity theft.
Advice has been given to Ebay’s customers on how to change their passwords etc. and it is recommended that in circumstances where the same password is used for other websites, then they should also be changed. In the meantime, Ebay faces investigations over the data breach by various authorities over the World, including an investigation and possible prosecution by the Information Commissioner’s office.
This latest data breach should serve as a warning to all businesses that cyber crime is a genuine threat and continues to increase. As such, companies should have robust security and data protection procedures in place to protect their customer information. If not, they could find themselves in a similar situation and facing not only reputational damage with their customers, but sanctions from the Information Commissioner’s office or a criminal prosecution. It remains to be seen how this security breach will impact on Ebay, but reputational damage is likely to have a greater effect than any possible fine from any breaches of the Data Protection Act.