The computer systems of eBay were recently attacked and compromised by unknown hackers. Ebay initially downsized the incidence and its impact by stressing upon mere password change. However, things are not as casual and easy as Ebay has considered. Three U.S. States are investigating whether Ebay’s has committed any wrong by not reporting the matter in a timely manner.
In short, Ebay is under investigation to ascertain the effectiveness of its cyber security practices. This is not the first case of this type and this certainly would not be the last of its kind as well. For instance, Target Corporation was also cyber attacked in the past and as a result of that Target Corporation faced litigation threats around the world. Now EBay is also facing similar litigation threats.
There seems to some very serious policy level lapses in U.S. that is allowing the companies to go away with legal consequences. However, this would not help these U.S. companies in other jurisdictions and they are vulnerable to diverse forms of legal actions there.
According to New Delhi based ICT law firm Perry4Law, “U.S. companies cannot hide behind the veil of conflict of laws in cyberspace anymore. No company can know this much better than Google who is facing online defamation case in India and has to comply with the right to be forgotten in Europe. Now the Luxembourg and U.K. data-protection authorities may probe EBay regarding the cyber-attack that exposed passwords and personal information of consumers around the world, including India. Even Indian regulatory authorities may initiative an investigation against EBay to ensure that privacy rights and data of Indian citizens may not have been violated during the cyber breach”.
Now Ebay has decided to streamline its cyber security. However, this would not be enough as the damage has already been done. U.S. needs to set an example by investigating and challenging the cyber security practices of U.S. companies. Till big corporations are forced to follow the norms there would not be any change.
Indian government must also introduce cyber security disclosure norms as soon as possible as Indian cyber security is in a bad shape. As the cyber security breaches are increasing world over, India cannot afford to keep its cyber security lax.