Spears Legal Technology


This blog is a resource guide for informational purposes only, and not the delivery of legal, technical or other professional advice. Using the information provided on this blog does not constitute an attorney-client relationship. If you need legal advice, please consult your lawyer.

eBay Demonstrates How Not to Respond to a Huge Data Breach

Companies need to have an incident response plan in place before the breach occurs. This kind of publicity only makes an already bad situation worse.

In the wake of eBay’s revelation earlier this week that it had lost as many as 145 million customers’ data, eBay users and security response professionals say they’ve been increasingly angered and amazed at the company’s ham-fisted public response to an incident that’s already sparked multiple government investigations. EBay’s mistakes include taking days to post a notice about the breach on eBay.com and confusing users as to whether their PayPal accounts had also been affected. As of Friday afternoon, many–if not the majority–of the site’s users still had received no email notification about the breach.

“It just seems like their response has been complete disarray and disorganization,” says Dave Kennedy, the CEO of security consultancy and breach response firm TrustedSec. “This is one of the worst responses I’ve seen in the past ten years from a company that’s experienced a breach.”


blog comments powered by Disqus