A Louisiana man has sued eBay over a security breach in which cyber criminals gained access to a database containing user information including names, addresses and dates of birth. eBay said the file did not contain financial information.
The lawsuit alleges eBay waited to inform customers about the breach “until after the news had leaked out of the company,” calling it a “profit-driven decision” that further damaged users who were “prevented form immediately mitigating the damages from the theft.”
eBay said the hack occurred in late February and early March, revealed the incident on May 21st, and said it had detected the breach “earlier in May.”
eBay said that after conducting extensive analysis, “we have no evidence that any customer financial or credit card information was involved. Likewise, the file did not contain social security, taxpayer identification or national identification information.”
However, it did require users to reset their passwords.
The consumer privacy class-action lawsuit alleges “The security breach was the result of eBay’s inadequate security in regard to protecting identity information of its millions of customers. eBay’s failure to properly secure this information has caused, and is continuing to cause, damage to its customers, the putative class members herein.”
Among the claims are Negligence, Breach of Contract, Breach of Fiduciary Duty, and Violation of Multi-State Privacy Laws. The lawsuit claims that as a result of the eBay breach, class members suffered actual identity theft and other damages including time and money spent mitigating the increased risk of identity theft.
The plaintiff, Collin Green, is seeking a jury trial, compensatory and consequential damages, injunctive relief, costs of the suit, pre-judgment and post-judgment interest, and other relief the Court deems proper.
Surprisingly he filed the lawsuit in Louisiana rather than California. It remains to be seen whether the Court will allow the lumping of all users into one class.