eBay seeks to dismiss data breach lawsuit
by Carol Thompson
eBay, Inc. filed a motion Tuesday asking the Louisiana Federal Court to dismiss a proposed class action suit in relation to a data breach the online auction company reported earlier this year.
eBay claims that plaintiff Collin Green does not have standing because he hasn’t sufficiently proven that the data breach caused him injury.
In February or March, eBay’s files were accessed by identity thieves, without eBay’s permission, the complaint says. The thieves, at a minimum, had access to customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth.
The suit, filed July 23, alleges eBay failed to notify customers of the security breach until May 21 and only after it had been reported by independent Internet sources.
“eBay was aware of the value of the personal information it held and the threat to the security of that information long before the 2014 security breach,” the complaint states.
Following the breach, eBay asked its customers to reset their passwords and the passwords of any other websites where the same password was used.
“According to industry reports, eBay chose to use the cheaper security method of encryption as opposed to hashing, with full knowledge that hashing was much more secure and preferred by security experts,” the complaint states. “Once a hacker steals the encryption key, the complex nature of a ‘strong’ encrypted password is irrelevant as the hacker can simply reveal the password with the encryption key.”
Green alleges eBay breached its implied contract, breached its fiduciary duty, violated the Gramm-Leach-Bliley Act, violated multi-state privacy laws and violated the federal Fair Credit Reporting Act.
The lawsuit further alleges that eBay holds information on 120 million customers and because it didn’t properly protect data, it resulted in the compromise of data it caused and continues to cause damage to its customers.
eBay joins a growing number of companies being sued over security breaches.
Image:Flickr/ Kārlis Dambrāns