Connecticut Investigates Attack on eBay With Other States

May 22, 2014

Credit Ebay
EBay said in a blog post that users should change their passwords.

Connecticut's attorney general is working with other states to try and prevent data breaches like the ones that happened to eBay, Target, and Neiman Marcus.

The online auction site eBay was hacked a few months ago, and asked all its users to change their passwords on Wednesday. Connecticut Attorney General George Jepsen said there should be a national solution to problems like this. His office is working with the attorneys general of Illinois, Florida, and other states to find out how it happened, how many people it affected, and how we can prevent something like this from happening again.

EBay said in a blog post that users should change their passwords, because a cyberattack compromised a database which included user names, passwords, emails, phone numbers, and dates of birth. The company pointed out there's no evidence of access to financial information.

Jepsen said the attorneys general are already cooperating on cybersecurity. "This is not an uncommon thing," he said. "It's just that it's rare that it's at this national level and this scope."

In January, Target estimated hackers may have taken the names, addresses, phone numbers, and emails of up to 70 million people in an attack around Thanksgiving. Jepsen said the bipartisan group of attorneys general started working on cybersecurity after that breach, and another one at Neiman Marcus.

"We need to start to look towards a national solution for these kinds of issues," Jepsen said. "For example, I think we ought to consider moving credit cards to a European model of having a chip embedded in them rather than a magnetic stripe, because the magnetic stripe, and swiping that, is the portal of entry to a lot of these hackers."

Jepsen also said that once the investigation is complete, his office will see if it's worth fining eBay for what happened.

Such a consequence wouldn't be unprecedented. Last August, Connecticut fined Citibank $55,000 because hackers managed to get account information for more than 360,000 Citibank customers, including about 5,066 Connecticut residents.