Cyber Incident Victim: eCay Trade

On August 28, 2015, eCay Trade, an online classifieds marketplace operated by the eCay Online Group, publicly disclosed a cybersecurity breach compromising user account information. The Cayman Cyber Incident Response Team (CIRT-KY) formally announced the incident that day, confirming unauthorized access to the platform’s systems. The breach exposed email addresses and passwords belonging to thousands of eCay Trade account holders. As one of five websites under the eCay Online Group umbrella, the compromise raised immediate concerns about the integrity of user credentials across a significant segment of Cayman’s online marketplace ecosystem. No specific timeline for the initial intrusion or duration of unauthorized access was disclosed in the announcement. The incident represented a direct threat to user privacy, given the sensitive nature of the exposed credentials.

The breach prompted CIRT-KY’s involvement in coordinating the public disclosure, though no further technical details regarding attack vectors, containment measures, or forensic findings were released. eCay Trade directly notified its user base of the credential compromise, emphasizing the urgency of password changes but providing no specifics about remediation steps taken by the company. The scale of "thousands" of affected accounts indicated a substantial impact on the platform’s user community, with potential risks extending to credential reuse attacks across other services. No information was disclosed regarding financial data exposure, law enforcement engagement, or third-party assistance in investigating the breach. The incident underscored vulnerabilities within the local digital infrastructure, though the absence of detailed public reporting limited broader understanding of its technical causes or long-term repercussions.