Breach exposed consumer names, email IDs, physical addresses, phone numbers, dates of birth and passwords.
An individual from Louisiana, US, has filed a class action lawsuit against online e-commerce website eBay over supposedly failing to secure consumers’ private information leading, which led to a data breach.
The e-commerce firm was hacked in February, while it notified users in May about the attack that compromised a database with sensitive information including consumer names, email Ids, physical addresses, phone numbers, dates of birth and passwords.
The individual has also alleged that the type of data collected and stored by the e-commerce firm via consumers’ credit card, shipping and geo-location data to statistics on page views, mobile phone numbers and community discussions, could be used for identity theft.
eBay’s alleged failure to appropriately secure the sensitive information ‘has caused, and is continuing to cause, damage to its customers, the putative class members herein’, according to the lawsuit filed in the US District Court for the Eastern District of Louisiana.
"The thieves had access to, and reportedly copied, customer names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth, at a minimum," the lawsuit added.
"eBay’s profit-driven decision to withhold the fact of its security lapse further damaged the class members who were prevented from immediately mitigating the damages from the theft."
Recently, researchers uncovered another flaw in eBay that exposes the purchase history of a buyer to any site visitor.
Researchers were able to uncover the sales records for over 228,332 consumers, of which 35,268 could be directly linked to Facebook.