Weekend Argus (Saturday Edition)
EBay Hacking attack was a ‘serious breech’
UK’s Information Commissioners Office to launch full investigation
LONDON: Watchdogs are set to launch a formal investigation into the eBay cyber attack which has left millions of customers at risk from criminal gangs.
The UK’s Information Commissioners Office said the hacking attack was a “serious breach” and a wake-up call for businesses and consumers.
News of the inquiry emerged as eBay came under fire for failing to realise there was a problem for months and then delaying notifying customers.
Separately, a new survey found consumers want a right to compensation if their data is hacked and tougher penalties for internet giants whose systems are vulnerable.
The hackers are understood to have captured e- mail and home addresses, encrypted passwords, phone numbers and dates of birth belonging to 144 million eBay users.
The company has advised customers to change their passwords, but the scale of the information collected means many are at risk of identity fraud.
Last night, the information commissioner, Christopher Graham, said: “This is a very serious breach. We are actively looking at the situation with a view to launching a formal investigation.
“This is a wake-up call to all of us – to businesses, to consumers and the government. Cyber crime is real, hacking is real and all respon- sible companies have got to act to keep their customer information safe. The concern is we are only going to see more of this phenomenon in the months and years ahead.”
The cyber attack took place at the end of February and in early March, but eBay said it knew nothing about it until two weeks ago and then delayed telling customers until Wednesday.
Technology lawyer Stefan Fafinski said it was “difficult to comprehend that it took eBay over two months to discover and investigate such a wide- scale breach, and hugely irresponsible for eBay to leave its customers at risk for two weeks before notifying them”.
The Institution of Engineering and Technology ( IET) said the delays had increased the risk to the public.
Martyn Thomas from the IET said: “In the time since the theft of the password file, the encryption may well have been broken, exposing the passwords and personal details that the file contained.”
Stephen Bonner, of KPMG’s Information Protection and Business Resilience team, said consumers had had enough of the stress and upheaval caused by cyber attacks.
A survey by the organisation found 76 percent of people would like a change to the law to guarantee compensation to victims.
“Consumers are saying ‘enough is enough,” said Bonner. “We hear almost daily of companies, both large and small, being hacked, but what we hear less of is the toll this has taken on those people whose data has been stolen.”
An eBay spokesman said: “As soon as we discovered this issue, we immediately began working with security experts and law enforcement to aggressively investigate the matter. We were undertaking thorough forensics on a global marketplace and ensuring we had a complete picture of the situation.”
The cyber attack on eBay came as its reputation was taking a battering because of its low tax bills.
Along with the likes of Starbucks, Amazon and Google, the corporation has come under fire for paying only small amounts to the taxman, despite large revenues.
eBay handed over just £1.2 million (R20.9m) in tax in the UK in 2010, despite its British subsidiaries generating sales of £800m.
Its subsidiary, PayPal, has also come under fire for its tax affairs. Based in Dublin, it paid less than £100 000 in tax in 2009, despite profits exceeding £50m, after paying a vast dividend to eBay and recording an overall loss.
eBay says it “complies fully with all applicable tax laws”.
Former BBC director- general Lord Birt became chairman of PayPal Europe in 2010.
After a controversial reign at the corporation, he stepped down in 2000. He was made a life peer and became an adviser to former British prime minister Tony Blair.
At the end of February, but eBay said it found out about the problem two weeks ago.
Customers’ names, encrypted passwords, e-mail addresses, physical addresses, phone numbers and dates of birth.
In theory, yes, because the data theft did not include financial information, such as bank account or card numbers.
Change your eBay password and check that your delivery addresses have not been changed.
If you use the same password, username and security log-in details on other accounts, change these also.
Beware an increase in spam or phishing e-mails. These appear to come from firms you know but encourage you to link to spying software that allows criminals to access your computer.
Victims should get a full refund from their bank or credit card company, providing they have not been “grossly negligent”. – Daily Mail