EBay is facing a class action lawsuit over a data breach which placed sensitive customer information at risk.
The online auction website was hacked in February, but waited until May to inform users. Cyberattackers compromised a database which held sensitive information including customer names, email addresses, physical addresses, phone numbers, dates of birth and their encrypted passwords.
At the time, eBay issued an advisory to customers asking that they change their passwords, and said it couldn't find any evidence of the cybercriminals accessing financial information. The firm also stated that there was no evidence PayPal had been affected. However, the data breach was not only damaging to the company's reputation, but a class action lawsuit claims that consumers are still feeling the consequences of lax security.
The lawsuit was filed Wednesday by Louisiana-based Collin Green on his own behalf as well as other customers impacted by the security breach, as reported by PC Advisor. The complaint states that eBay's inadequate security allowed customer identity data to be compromised, and the e-commerce site's failure to protect such data "has caused, and is continuing to cause, damage to its customers, the putative class members herein."
The complaint also states that eBay did not immediately notify users of the breach, and instead withheld the information based on profit. This, in turn, allegedly damaged the class action members further, as it prevented users from "immediately mitigating the damages from the theft."
Green has requested a trial by jury. If the combined claims of the class action members are accepted, this could cost eBay over $5 million in damages alone.