22 May 2014
E-commerce giant eBay has become the latest company to fall victim to a cyber-attack.
eBay’s database was hacked between late February and early March, which was only detected two weeks ago. Customer details including customers’ name, encrypted password, email address, physical address, phone number and date of birth, were stolen.
Details such as customers’ personal financial information was not stolen according to eBay, adding that it has found no evidence of unauthorised access or compromises to personal or financial information for Paypal users as Paypal’s data is stored separately.
The hackers gained access to eBay’s corporate network by compromising a small number of employee login credentials. eBay has advised its users to change passwords.
ICSA Policy Director Peter Swabey commented: ‘eBay’s announcement that it had been the victim of a cyber-attack is hardly surprising when you consider that many boardrooms do not spare the time to discuss what ought to be a top-of-the-agenda item.
‘Yet cybercrime is a very real threat, both from inside and outside a company. Companies suffering a cyber-attack are open to censure and embarrassment, cyber espionage, sabotage or disruption of business operations and run the risk of losing clients. No-one wants to be a victim of fraud. There is no fool proof way to prevent a cyber-attack, but the development of an effective cyber risk response strategy is crucial. Managing cyber risk is a business-critical activity, and cannot be regarded as simply an IT issue.
‘If customers feel that their personal data has been comprised, trust and reputation are seriously undermined. Reputational risk might be high on everyone’s agenda, but cyber risk and reputational risk can no longer be considered separately. In today’s technological world they are inherently linked and must be tackled actively. Senior-level commitment to tackling cyber risk is critical.’