Newsroom
May 22, 2014
Ebay hacked, new data bill introduced
May 23, 2014 – Reports of the recent hack into online auction site Ebay Inc., which caused 145 million user accounts to be compromised, were followed Thursday with the introduction of a new data security bill from Sen. Robert Menendez, D-N.J., and Rep. Albio Sires, D-N.J.
After the massive Target Corporation breach, Menendez and Sen. Mark Warner, D-Va., called on the Senate Banking Committee to hold hearings on the safety of consumer data. After the Ebay breach was announced, Menendez announced his and Sires' bill, saying:
"This latest data breach confirms what we already know: our data is simply not safe … The American people deserve better than knowing that their information will soon end up in the hands of criminals."
The lawmakers said their bill would, among other things, limit the type of information an entity can collect and how long it can hold it, establish a uniform data security breach notification standard and have the Federal Trade Commission require companies to get opt-in consent before transferring consumer information to third parties. NAFCU is reviewing this legislation for impact on credit unions and continues to advocate for national information safekeeping standards and notification requirements for retailers in addition to the merchant community taking full responsibility in making consumers whole when breaches occur on their end.
In its announcement about the breach, Ebay asked that its users change their passwords.
A spokesperson told Reuters the company did not believe the compromised passwords had been unencrypted "because it would not be easy to do." Reuters called the breach one of the biggest in history. Ebay said there was no noticeable increase of fraudulent activity recently and that its connection to the online payment site PayPal did not appear to be affected.
After the Target breach, NAFCU was the first financial trade association to call for a national data security standard for retailers, and has continued putting pressure on Congress to pass legislation that would hold retailers accountable for their negligence.
After the massive Target Corporation breach, Menendez and Sen. Mark Warner, D-Va., called on the Senate Banking Committee to hold hearings on the safety of consumer data. After the Ebay breach was announced, Menendez announced his and Sires' bill, saying:
"This latest data breach confirms what we already know: our data is simply not safe … The American people deserve better than knowing that their information will soon end up in the hands of criminals."
The lawmakers said their bill would, among other things, limit the type of information an entity can collect and how long it can hold it, establish a uniform data security breach notification standard and have the Federal Trade Commission require companies to get opt-in consent before transferring consumer information to third parties. NAFCU is reviewing this legislation for impact on credit unions and continues to advocate for national information safekeeping standards and notification requirements for retailers in addition to the merchant community taking full responsibility in making consumers whole when breaches occur on their end.
In its announcement about the breach, Ebay asked that its users change their passwords.
A spokesperson told Reuters the company did not believe the compromised passwords had been unencrypted "because it would not be easy to do." Reuters called the breach one of the biggest in history. Ebay said there was no noticeable increase of fraudulent activity recently and that its connection to the online payment site PayPal did not appear to be affected.
After the Target breach, NAFCU was the first financial trade association to call for a national data security standard for retailers, and has continued putting pressure on Congress to pass legislation that would hold retailers accountable for their negligence.
Share This
Related Resources
Data Privacy Issue Brief
Whitepapers
Data Privacy Issue Brief
Whitepapers
NAFCU Data Privacy Principles
Whitepapers
Compliance Monitor - August 2018
Newsletter
Get daily updates.
Subscribe to NAFCU today.