Judge tosses eBay data breach class action

A federal judge dismissed a proposed class action lawsuit against eBay over its 2014 data breach, ruling that plaintiffs failed to prove they were tangibly injured by the hack.

U.S. District Judge Susan Morgan of the Eastern District of Louisiana said the plaintiffs lacked standing because they argued on the basis of a “threat of future harm” — that the breach would make them more vulnerable to identity theft in the future — rather than ongoing harm.

ADVERTISEMENT

"The mere fact that plaintiff's information was accessed during the data breach is insufficient to establish injury-in-fact,” Morgan wrote.

"Thus, the potential threat of identity theft or identity fraud, to the extent any exists in this case, does not confer standing on plaintiff to pursue this action in federal court."

The ruling, a victory for eBay, sheds light on the specifics of the company’s 2014 data breach.

Early last year, hackers accessed a database that held customers’ encrypted passwords, names, dates of birth and contact information, but no payment or financial data. Several months later, eBay alerted users about the breach and urged them to change their passwords.

The type of data compromise in the attack distinguishes the eBay breach from similar incidents at retailers such as Target and Home Depot. In those cases, as many of 40 million and 56 million credit and debit cards were compromised, respectively.

Both Target and Home Depot are facing a variety of class action lawsuits from victims.