The computer systems of eBay were recently attacked
and compromised by unknown hackers. Ebay initially downsized the
incidence and its impact by stressing
upon mere password change. However, things are not as casual and easy
as Ebay has considered. Three
U.S. States are investigating whether Ebay’s has
committed any wrong by not reporting the matter in a timely manner.
In short, Ebay is under investigation to ascertain
the effectiveness of its cyber security practices. This is not the
first case of this type and this certainly would not be the last of
its kind as well. For instance, Target Corporation was also cyber
attacked in the past and as a result of that Target
Corporation faced litigation
threats around the world. Now EBay is also facing similar
litigation threats.
There seems to some very serious policy level lapses
in U.S. that is allowing the companies to go away with legal
consequences. However, this would not help these U.S. companies in
other jurisdictions and they are vulnerable to diverse forms of legal
actions there.
According to New Delhi based ICT law firm Perry4Law,
“U.S. companies cannot hide behind the veil of conflict
of laws in cyberspace anymore. No company can know this
much better than Google who is facing online
defamation case in India and has to comply with the right
to be forgotten in Europe. Now the Luxembourg and U.K.
data-protection authorities may
probe EBay regarding the cyber-attack that exposed
passwords and personal information of consumers around the world,
including India. Even Indian regulatory authorities may initiative an
investigation against EBay to ensure that privacy
rights and data of Indian citizens may not have been
violated during the cyber breach”.
Now Ebay has decided to streamline its cyber
security. However, this would not be enough as the damage has already
been done. U.S. needs to set an example by investigating and
challenging the cyber security practices of U.S. companies. Till big
corporations are forced to follow the norms there would not be any
change.
Indian government must also introduce cyber
security disclosure norms as soon as possible as Indian
cyber security is in a bad shape. As the cyber
security breaches are increasing world over, India cannot
afford to keep its cyber security lax.
