eBay data breach set to be investigated by the ICO

News
By Caroline Donnelly
published

Auction site finds itself at centre of several security investigations in wake of data breach

eBay sign

Internet auction site eBay looks set to have its operations probed in the wake of this week's data breach by a slew of data protection experts and regulators.

The website confirmed earlier this week that it had suffered a massive data breach, resulting in the disclosure of the passwords belonging to hundreds of millions of its users.

Details have since emerged that eBay is facing investigations on several fronts about the events that led to the breach taking place.

The US states of Connecticut, Florida and Illinois have already announced plans to join forces to investigate the company's security policies, along with the country's Federal Trade Commission.

An eBay spokesperson said the site is ready and willing to co-operate with any investigations that are carried out into its security strategy.

"We have relationships with and proactively contacted a number of state, federal and international regulators and law enforcement agencies," the spokesperson said.

Meanwhile, UK data protection watchdog, the Information Commissioner's Office (ICO) has confirmed that it's looking into launching its own probe into the breach.

Speaking to Radio 5 Live earlier today, The Information Commissioner Christopher Graham said a full investigation into the breach is justified given that millions of the site's users live in the UK.

However, because eBay's European headquarters are in Luxembourg, the ICO will first need to liaise with that country's data protection officers before it can act.

"When you're taking on a big global player like eBay, you've got to make sure do not get foot faulted and do something that would get you into troubles with the lawyers," Graham explained.

Meanwhile, eBay has denied that data stolen during the breach has been posted on anonymous text-sharing website Pastebin, which is regularly used by hackers to showcase stolen data.

Reports that a data dump from the eBay breach was up for sale for 1.45 bitcoins (447) on Pastebin began circulating yesterday night, but an eBay representative has since confirmed the details are not from "authentic" user accounts.

Caroline Donnelly
Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.