eBay may face a joint investigation by three US states, with Connecticut, Florida and Illinois jointly investigating the matter.
According to Reuters, the investigation by the states will focus on eBay’s measures for securing data, circumstances that led to the breach and the company’s response, said Jaclyn Falkowski, a spokeswoman for Connecticut Attorney General George Jepsen.
eBay spokeswoman Amanda Miller declined to comment on the states’ actions, but said it had proactively contacted a number of state, federal and international regulators and law enforcement agencies, and was fully cooperating with them on all aspects of this incident.
While the San Jose headquarted company may still face the California data privacy enforcer over the potential breach of 145 million user records, this marks the second major investigation for the states after they investigated Experian.
The Information Commissioner’s Office told Sky News that his team was “actively looking” at launching a formal investigation into eBay, and called it a “wake-up call” to businesses, consumers and the Government.
Speaking to IT Security Guru, Jonathan Armstrong, partner at compliance group Cordery, said: “The ICO said this morning they were talking to Luxembourg who despite the Google ruling, are still likely to take the lead in Europe at least in the short term.”
“The US does not really have the same concept as the ICO, so in theory all of the state attorney generals could investigate at once, provided there are affected citizens there. There is not too much incentive in a politically charged case for an attorney general not to investigate, or at least to try and get a share of any fines.”