BigClassActions.com
Advertisement

EBay Faces Data Breach Class Action Lawsuit

- by

Los Angeles, CA: A data breach class action lawsuit has been filed against eBay alleging it failed to properly secure its internal databases which enabled a cyber attack in May of this year. As a result, hackers were able to access eBay users' passwords and personal data.

Filed by plaintiff Collin Green, the lawsuit alleges that in February and March 2014 identity thieves broke into eBay' data files. When the company disclosed the breach in May, it said that the thieves had access to and copied customers' names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. As many as 145 million customers were potentially affected.

eBay has not said if any other information was accessed, although it collects and stores credit card or bank account numbers, computer device IDs or unique identifiers, geolocation information and transaction information, the complaint states. Green alleges that it wasn't until after the security breach had been reported through independent Internet sources that eBay disclosed the attack.

"The notice provided only instructed the millions of impacted customers to change their passwords. EBay did not inform its customers that they were almost ten times more likely to suffer identity fraud as a result of eBay' failure,"the complaint states. "The security breach was the result of eBay' inadequate security in regard to protecting identity information of its millions of customers."

The lawsuit further claims that eBay did know the value of the personal information it held, and the threat to the security of that information long before the 2014 security breach, as evidenced by a quarterly financial statement in which the company acknowledged that security breaches were a constant threat.

However, eBay was also allegedly aware that its consumer perception could be damaged by news of the breach, and for that reason the company did not notify customers immediately it became aware of the hack. Therefore, a "profit-driven"decision to withhold the fact of its security lapse allegedly damaged the class members, who were prevented from immediately mitigating the damages from the theft, the lawsuit contends.

As a result, "Plaintiff and the class members must be vigilant for many years in checking for fraud in their name, and be prepared to deal with the steep costs associated with identity fraud,"the complaint states.

According to Green, the company did not encrypt much of the information stolen, including customer names, email addresses, physical addresses, phone numbers and birthdays. EBay allegedly chose to use the cheaper security method of encryption as opposed to hashing, despite knowing that hashing was much more secure and preferred by security experts. In eBay' disclosure, the stated that the hackers were able to obtain a small number of employee log-in credentials that allowed them to gain access to the company' corporate network.

Green is represented by Charles F. Zimmer, Eric J. O'Bell and Bradley T. Oster of O'Bell Law Firm LLC.

The case is Collin Green v. eBay Inc., case number 2:14-cv-01688, in the U.S. District Court for the Eastern District of Louisiana.

Class Action Legal Help

If you or a loved one has suffered similar damages or injuries, please fill in our form on the right and your complaint will be sent to a lawyer who may evaluate your claim at no cost or obligation.

Add Your Comment on This Issue

Please read our comment guidelines before posting.


Note: Your name will be published with your comment.


Your email will only be used if a response is needed.

Request Legal Help