Security Watch

Keeping Track of patches and hacks in the IT security world.

The Real Cost of the eBay Breach

During eBay's second-quarter financial analysts call, executives hinted at the real impact of its May data breach.

Download the authoritative guide:

data breach

On May 21, eBay first publicly acknowledged that one of its databases was breached and advised users to change their passwords. In the months since then, eBay has offered little commentary on the breach—that is, until July 16, during the company's second-quarter financial results call with analysts. During the call, both the CEO and CFO of eBay revealed new details about the May breach and its costs.

"For the first half of the quarter, eBay was performing in line with our expectations," John Donahoe, president and CEO of eBay, said during his company's financial results call. "Then in early May, we discovered an unauthorized access to our corporate network."

Donahoe reiterated details that eBay first reported back in May, including the fact that the database only contained nonfinancial information on eBay users. Additionally, the compromised database included encrypted passwords, which eBay says were not breached by the attackers. As a result of the breach, eBay advised its users to reset their passwords, an action that Donahoe said was the right decision.

That decision to ask users to reset their passwords, however, has had an impact on eBay's business.

"Buyers representing approximately 85 percent of affected volume have reset their passwords, but some of these buyers have not yet returned to their previous activity levels," Donahoe said. "So, we are stepping up targeted marketing efforts in the second half to fully re-engage these and other users who have not yet reset their password."

That's really interesting. The data breach, which allegedly did not breach any user financial information, still led to somewhat of a crisis of confidence in some eBay users. That's an important thing to note about the true cost of data breaches. It's not just about actual dollars stolen in a theft; it's also about confidence and the overall trust that consumers place in a brand. If consumers are less confident about the security of a given site or service, they won't do as many transactions.

Going a step further, Bob Swan, chief financial officer at eBay, provided a little financial color on the impact of the data breach. While Swan didn't assign a specific number to the data breach, he did attribute a decline in eBay's operating margin to the breach.

"The decline in operating margin was driven by expenses related to the cyber-attack and increased investment to increase the vibrancy of the site," Swan said. "Non-GAAP operating margin was 24.4 percent, down 190 basis points."

Data breaches have costs that go beyond just the value of a lost record or piece of information. It's clear that customer confidence and brand value are impacted by them. In the eBay case, it's now clear that even a nonfinancial data breach can impact the bottom line too.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.