May 22, 2014

Ebay hacked, new data bill introduced

May 23, 2014 – Reports of the recent hack into online auction site Ebay Inc., which caused 145 million user accounts to be compromised, were followed Thursday with the introduction of a new data security bill from Sen. Robert Menendez, D-N.J., and Rep. Albio Sires, D-N.J.

After the massive Target Corporation breach, Menendez and Sen. Mark Warner, D-Va., called on the Senate Banking Committee to hold hearings on the safety of consumer data. After the Ebay breach was announced, Menendez announced his and Sires' bill, saying:

"This latest data breach confirms what we already know: our data is simply not safe … The American people deserve better than knowing that their information will soon end up in the hands of criminals."

The lawmakers said their bill would, among other things, limit the type of information an entity can collect and how long it can hold it, establish a uniform data security breach notification standard and have the Federal Trade Commission require companies to get opt-in consent before transferring consumer information to third parties. NAFCU is reviewing this legislation for impact on credit unions and continues to advocate for national information safekeeping standards and notification requirements for retailers in addition to the merchant community taking full responsibility in making consumers whole when breaches occur on their end.

In its announcement about the breach, Ebay asked that its users change their passwords.

A spokesperson told Reuters the company did not believe the compromised passwords had been unencrypted "because it would not be easy to do." Reuters called the breach one of the biggest in history. Ebay said there was no noticeable increase of fraudulent activity recently and that its connection to the online payment site PayPal did not appear to be affected.

After the Target breach, NAFCU was the first financial trade association to call for a national data security standard for retailers, and has continued putting pressure on Congress to pass legislation that would hold retailers accountable for their negligence.