This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.theguardian.com/technology/2014/may/23/uk-data-watchdog-ebay-investigation-cyberattack

UK data watchdog considering eBay investigation over cyberattack
The Information Commissioner’s Office (ICO) has said that it is looking into the eBay break-in, which led to the company issuing password change notices to users on Wednesday.
The ICO is considering a full investigation into the cyberattack that resulted in hackers gaining access to a database that held encrypted passwords as well as customer names, email addresses, physical addresses, phone numbers and dates of birth which were not encrypted.
“We’re certainly looking at the situation,” Christopher Graham the Information Commissioner told BBC Radio 5 live. “We have to work with colleagues in Luxembourg where eBay is based for European purposes. We were in touch with the Luxembourg data protection authority yesterday.”
Three separate states have already started investigations into the data breach at eBay in the US, as well as the US Federal Trade Commission which is described as having "eye-watering powers to deal with American companies" by Graham.
“We have relationships with and proactively contacted a number of state, federal, and international regulators and law enforcement agencies. We are fully cooperating with them on all aspects of this incident,” said an eBay spokesperson.
‘You’ve got to make sure you do not get foot faulted’
Jurisdictional issues may complicate the investigation. Ebay's headquarters are in Luxembourg, which means Luxembourg's data protection authority must take the lead in the first instance.
“When you’re taking on a big global player like eBay you’ve got to make sure you do not get foot faulted and do something that would get you into trouble with the lawyers,” Graham explained.
The ICO will look at the time it took eBay to realise the compromise, which is said to have happened in late February or early March but only discovered in May, and the company’s handling of the situation, specifically around how long it took eBay to do something about it and inform the authorities in the first instance.
‘Personal information is not their plaything’
The auction site has been heavily criticised by security experts over its failure to encrypt the personal data of its users beyond passwords.
“This sort of thing is going to go on and on and on until businesses wake up and realise that personal information is not their plaything; it’s our information and it needs to be protected,” said Graham.
“It is inexcusable for a company the size of eBay with the amount of data it holds to not encrypt all personal information held and to not constantly be at the forefront of security technology,” said Rik Ferguson, global vice president of security research at security software firm Trend Micro talking to the Guardian.
The hacker’s access to the database, gained via stolen eBay employee identities, puts eBay’s users at risk of phishing attacks and identity theft using personal information like postal addresses and dates of birth, which are used to verify identity.
Europe’s data protection watchdogs are scheduled to meet next week to discuss European data issues, including the European court of justice over the right to be forgotten, but eBay’s protection of user data is likely to be high on the agenda.
“It worries me that we’re not sufficiently alert to what is going on in the 21st century. None of us are taking this serious enough, none of us are as good as we should be about passwords, changing them regularly and using credible, hard passwords that aren’t just the name of your cat or your mother-in-law,” said Graham.
• Ebay denies 'database' on sale for 1.45 bitcoin is authentic
• Ebay hack Q&A: should I change my password? What could happen?
• How to protect your personal data from the next hack attack like eBay