Recent Breach at eBay Shows Us What Not to Do

On May 21st, eBay announced that it had experienced a data breach that had potentially affected all 145 million of its users. In addition to drawing the shock wave of bad press, regulatory and congressional scrutiny, and calls to action by State Attorneys General that follow all high-profile data breaches, eBay has been hailed as the prime example of how NOT to handle a data breach. To begin with, eBay took days to post a notice about the breach on ebay.com and send email notifications to its users. When eBay did finally post an online notice about the breach, it did so first only on its corporate website (ebayinc.com) rather than its primary user-facing website. Additionally, misleading press releases and postings on PayPal's website confused users as to whether their PayPal accounts had been compromised.

Unfortunately for eBay customers, the worst might be yet to come. Although users have now been prompted to change their passwords, that does not change the fact that hackers took off with the complete user database, including phone numbers, mailing addresses and email. The comedy of errors that took place after eBay's breach could indicate that eBay, despite being one of the biggest ecommerce companies on the planet, did not have a proper breach response plan in place. With the onslaught of data breaches continuing on a larger and larger scale, it is more important than ever for companies, including hotels, to properly train employees, ensure that an appropriate breach response plan has been put in place, and ensure that policies are in place to adequately protect customer information. Hotels can help protect themselves from the risk of data breach by using Venza's PCI training modules or other custom learning solutions to properly train their employees to comply with robust data-security practices and policies.

The Venza Group has partnered with the law firm Arnall Golden Gregory (AGG) to create a series of interactive eLearning modules to address PCI compliance in the hotel industry. Management, employees and IT are taught about the requirements they must support as part of the Payment Card Industry Data Security Standards. The Venza Group has also partnered with AGG to create an interactive eLearning module to train hoteliers on general privacy and security awareness issues and on sexual harassment prevention.