Hackers stole the personal data of hundreds of millions of eBay customers, the online auction site admitted today.
Cyber criminals managed to compromise a small number of employee log-in credentials, gaining unauthorised access to eBay's corporate network and causing quite a bit of damage.
It's possibly the biggest commercial cyber attack to date, and while the 220 million victims' financial details are safe, their personal information doesn't seem to be.
Cyber criminals managed to steal names, email addresses, home or work addresses as well as phone numbers and dates of birth - basically enough to commit some serious identity fraud.
Weirdly enough, eBay should be kind of happy despite the bad press. Had this happened not in 2014, but in 2015, it's very likely they would be facing a huge fine - up to €100m, or 5% of annual revenues, for EU-based data (more than 15 million British people could be in that 220m number).
Up till then, the UK's Information Commissioner's Office could only levy fines of £500,000 max - fines that have already hit Sony, the Ministry of Justice and others.
That's all because of new EU data regulations due to be drafted into law ready for 2015, which expand the definition of personal data from the old guidance published in the mid '90s, as well as making companies more responsible for the personal information of their customers.
CBR speaks to Oracle's UK technology director for mobility and information security, Andrew Bushby, about how not to become the source of the next big data breach.