eBay Seeks Dismissal of Breach Lawsuit

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.databreachtoday.com/ebay-seeks-dismissal-breach-lawsuit-a-7393

eBay has filed a motion to dismiss a class action lawsuit filed against the
company in July following a breach earlier this year that resulted in 145
million customers having their personal information compromised.

The plaintiff named in the case "does not allege that he has been injured
by misuse of the stolen information," eBay says in its motion to dismiss
the lawsuit, which was filed Sept. 30. "He does not allege that anyone has
used his password, or that anyone has even tried to commit identity fraud
with his information - let alone that anyone has actually succeeded in
doing so - and that he has thereby suffered harm."

Instead, eBay argues, the plaintiff "relies on vague, speculative
assertions of possible future injury - that maybe at some point in the
future, he might be harmed."

In addition, eBay argues the plaintiff failed to state a claim upon which
relief can be granted. eBay alleges the plaintiff has taken a "shotgun"
approach to pleading his claims, "asserting no fewer than 10 causes of
action, including one under a statute that does not provide a private right
of action and another under a statute that was repealed before the
complaint was filed."

Lawsuit Details

The lawsuit, filed on behalf of Collin Green and all customers of eBay,
contends that the breach was the result of the company's "inadequate
security" for protecting identity information of its millions of customers.

"eBay was aware of the value of the personal information it held, and
threat to the security of that information long before the 2014 security
breach," the lawsuit says, citing eBay's first quarter 2014 SEC filing,
where the company acknowledged that security breaches were a constant
threat.

The lawsuit asserts that e-Bay violated state privacy laws, the
Gramm-Leach-Bliley Act and the Federal Stored Communications Act. It also
alleges a violation of Louisiana R.S. 51:3072, which states that
"expeditious notification of possible misuse of a person's personal
information is imperative."

The suit doesn't specify instances of fraud or identity theft, but says
class members "must be vigilant for many years in checking for fraud in
their name, and be prepared to deal with the steep costs associated with
identity fraud." It seeks compensatory damages, consequential damages,
injunctive relief and costs of the suit, including attorneys' fees.

Breach Background

The breach, which eBay revealed in May, occurred between late February and
early March. It began after a small number of employee log-in credentials
were compromised, which allowed cyber-attackers to gain access to eBay's
corporate network (see: eBay Sees Revenue Decline Due to Breach).

Compromised information included encrypted passwords, customer names,
e-mail addresses, mailing addresses, phone numbers and dates of birth,
according to the company. The exposed database did not contain financial
information, eBay says. The company urged 145 million customers to reset
their passwords.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!