Three states jointly investigate EBay breach

San Jose Calif. – The states of Connecticut, Florida, and Illinois, are jointly investigating a recent data breach at EBay Inc., and the state of New York is asking EBay to offer free credit monitoring for any customer whose data was exposed.



The FBI is also investigating the breach. So far EBay has not released much detailed information on the cyber attack, and it is not yet clear exactly how much authority the states or the federal government may have to require remedial steps. Consumer data allegedly stolen in the breach has been advertised on underground hacker sites, although it has not been verified whether the data is legitimate.



Facts that have been revealed so far are that an EBay database was compromised between late February and early March 2014. The database included EBay customers' name, encrypted password, email address, physical address, phone number and date of birth. However, EBay said the database did not contain financial information or other confidential personal information. The compromised employee log-in credentials were first detected earlier in May 2014, and forensics subsequently identified the compromised EBay database.



The company said it has seen no indication of increased fraudulent account activity on EBay and has no evidence of unauthorized access or compromises to personal or financial information for PayPal users.