The fallout of a massive data breach at online retailer eBay continued this week with the announcement that several US states are investigating the incident.
eBay revealed this week that at some point “between late February and early March” a database was compromised after hackers stole employee log-in credentials in a cyberattack. The company says it discovered the compromised credentials two weeks ago, and that no confidential or financial information was contained in the databases, but it is urging all users to change their passwords.
On Thursday a release by the Connecticut Department of Consumer Protection and Attorney General warned consumers to change their passwords and announced an investigation.
“My office will be looking into the circumstances surrounding this breach as well as the steps eBay is taking to prevent any future incidents,” Connecticut Attorney General George Jepsen said.
Florida Attorney General Pam Bondi will also investigate, according to the South Florida Business Journal. Bondi worked on the Florida Information Protection Act which is a gubernatorial signature away from being state law. The law would require companies suffering a data breach impacting over 500 people to disclose it within 30 days.
Since the new Florida law has not yet passed, eBay cannot be held to its standard. However, having staked out a political position on the matter, Florida lawmakers may push for a full investigation and consequences for any perceived negligence.
Also similar laws may now become priorities for other states, as shocked consumers demand increased protection.
TechCrunch is reporting that Illinois is also involved in the joint investigation, and that New York Attorney General Eric Schneiderman has requested that eBay provide credit monitoring for consumers.
eBay is surely hoping the investigation has similar results to an Australian investigation into the 2012 Melbourne IT breach, which netted two arrests this week.
The online retailer is far from alone in dealing with shaken public confidence after a breach, though the delayed public reaction and lack of information are clearly frustrating to those commenting on the official announcement. Other high profile data breaches just this year have hit Bitly, AOL, and Yahoo.