Congress’s eBay Data Breach Probe

A bipartisan group of U.S. House representatives have asked eBay some pointed questions in the wake of the massive data breach the company announced in May — and for now, at least, eBay has satisfied the lawmakers, according to eCommerceBytes.

In a May 28 letter to eBay CEO John Donahoe, Reps. Joe Barton (R-Texas) and Bobby Rush (D-Ill.) expressed “concerns regarding data security practices of personal information at eBay” — especially how eBay could be sure what information was stolen in the breach. Cyberthieves reportedly used employee credentials to access a customer database, where they could get at customer names, dates of birth, E-mail addresses, phone numbers and encrypted passwords — but not payment card and Social Security numbers, according to eBay.

Barton and Rush are members of the Congressional Bipartisan Privacy Caucus. The breach is also under investigation by Attorneys General from at least ten states, including Connecticut, Illinois and Florida.

In the case of the congressmen, at least, the investigators are satisfied. “We have heard back from eBay and aren’t seeking any additional information from the company at this time,” a spokesman for Barton told eCommerceBytes this week. He added that eBay’s responses won’t be made public because “in order to get complete responses, we promised eBay that we would keep them confidential.”

For its part, eBay insists that passwords and credit card informations weren’t compromised. “Five months after the attack was discovered, it still remains true that none of our customers’ financial data was compromised in the attack,” eBay spokesman Ryan Moore said. “And we have no evidence that the stolen passwords have been decrypted.”