Last week, online marketplace eBay urged users to change their passwords after hackers successfully gained access to 145 million user records from the online auction site. According to eBay, the attack occurred in late February and early March but was only detected two weeks ago.
“All the organisations that we think can’t be harmed can easily be targets, so there are important lessons there for South African businesses,” Robby Coelho, partner in technology media telecommunications and intellectual property team at Webber Wentzel, told CNBC Africa.
“What it does illustrate is even though organisations do put in place what they would regard as robust measures, simple things like employee logins and [that] haven’t been changed or updated lead to vulnerabilities which can be exploited and wreak havoc for a company.”
(READ MORE: Threat of cybercrime in South Africa grows)
Coelho added that eBay did not believe that passwords were compromised as the system responsible for that particular information was encrypted, and urged users to change their passwords as a precaution.
The online breach is one of many hacking incidents that have occurred around the globe. Of the occurrences, one of the largest hackings was in 2012 when Visa and MasterCard suffered a breach of information of 1.5 million account numbers.
“EBay say only information like names, email addresses, postal addresses and dates of birth have been compromised, but that’s what’s been lost in the story. People have assumed that it was sensitive information [such as] financial information, pins [and] passwords,” Coelho explained.
“Information which generally wouldn’t be regarded as sensitive hasn’t been compromised according to eBay but yet that’s not the story, and all this damage has been caused because simple things like employees not changing their passwords or not doing what they should do has led to this.”
(WATCH VIDEO: Have you been hacked by the Heartbleed bug?)
Coelho added that as a result of the breach, there is scope for data subjects to potentially have claims against eBay for negligence. Because eBay is an international company as well, with regulators and authorities throughout the world looking into them, they potentially face exposure and liability and jurisdictions that have never had a precedent before.
In a sphere such as technology, media and telecommunications, regulation is a key factor and has been in constant flux in the past few years.
“There are challenges in regulating this sector with convergence, different kinds of media converging, and that’s all the reason why we have new data protection legislation in South Africa because of this convergence. Information can be used in so many different ways through technology and the like and there is a need for greater, more sophisticated regulation.”