Two federal lawmakers requested more information on the data breach recently announced by eBay, expressing concerns about the general climate for information security at the company.
Reps. Joe Barton (R-Texas) and Bobby Rush (D-Ill.), co-chairs of the Congressional Bi-partisan Privacy Caucus, called upon eBay to explain its methods for handling sensitive data and also reveal any other data breaches that have occurred since the online auction site was launched in 1995.
“A breach of security is not unknown to many companies, and we applaud eBay Inc. for alerting its users to change their passwords to ensure further protection of any personal information,” stated Barton and Rush in a May 28 letter.
eBay announced that hackers accessed customers’ names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth, the lawmakers noted. However, they cited eBay’s privacy policy, which states that the company also collects such data as billing information, data collected via social media sites, personal information for authentication purposes and some transactional data. Barton and Rush questioned why this personally identifiable information was not compromised as well.
The congressmen’s letter also asked whether eBay tracks users’ locations when they use mobile devices and whether the company has learned the “full scope of the breach.”
Barton and Rush asked eBay to respond by June 25. The pair has also sponsored a bill, H.R. 4400, called the Data Accountability and Trust Act. The legislation would require the Federal Trade Commission to develop regulations for the security, use and disposal of electronic and non-electronic personal data. Notably, the bill would preempt any state laws on information security and give full oversight to the FTC, which would have the authority to monitor security processes and conduct audits on any data broker that experiences a breach.