After Cyberstalking Settlement, eBay Quietly Rewrites Board Oversight Rules

One day after eBay quietly settled the cyberstalking lawsuit brought by journalists Ina and David Steiner, the company’s board adopted new charters for every major board committee: Audit, Risk, Technology, Compensation and Human Capital, and Corporate Governance and Nominating.<br>The timing may be coincidental, but it also raises a broader question. After years of telling regulators and investors that it has rebuilt its culture in the wake of the 2019 scandal, do these governance updates represent real change or minimum viable compliance box-checking needed to move past the crisis?<br>The corporate plot targeted the Steiners for their reporting on eBay at EcommerceBytes while seeking to identify an anonymous source and commenter who went by the name Fidomaster/unsuckEBAY on Twitter.<br>Court records revealed details of a harassment campaign carried out by eBay security personnel led by Senior Security Director Jim Baugh, including threatening messages, disturbing deliveries, doxxing, in-person surveillance and an attempted break-in at the couple’s home.<br>Baugh and six other employees ultimately pleaded guilty. In 2024, eBay entered a deferred prosecution agreement admitting to six felony offenses, paying a $3 million fine and agreeing to three years of enhanced compliance monitoring.<br>That payment went to the U.S. Treasury, leaving the Steiners to pursue compensation through a civil lawsuit filed in 2021 against the criminal defendants, eBay, former CEO Devin Wenig, former Chief Communications Officer Steve Wymer and former SVP of Global Operations Wendy Jones.<br>The trial was scheduled to begin March 2, 2026, but the case settled with undisclosed terms on February 25, leaving broader governance and compliance questions unresolved.<br>The eBay Stalking Saga Ends in Settlement — But Not Closure<br>eBay stalking scandal civil suit settles days before trial, ending a 5-year legal fight while key questions remain unanswered.<br>Value Added ResourceLiz Morton

The updated board committee charters all share a similar basic framework:<br>Each committee “assists the Board in fulfilling its oversight responsibilities” for a defined slice of the risk pie and meets “as often as [it] deems appropriate and as required under applicable law,” with authority to bring in outside advisors. Minutes go to all directors, committees periodically update the full board and flag significant issues to one another, and each runs an annual self-evaluation with recommended charter changes.<br>That repeated emphasis on committees “assisting” the Board, while risk management itself remains the responsibility of management, may sound like boilerplate, but in the wake of the cyberstalking scandal it carries legal weight.<br>By framing committees as reviewers of systems and reports rather than actors responsible for operational decisions, the board is reinforcing a classic Caremark defense under Delaware law: directors oversee risk management, but management runs it.<br>Layered on top of that template is a sharper division of labor as eBay tries to more clearly define board oversight in the wake of the biggest public scandal in its 30-year history.<br>Audit<br>The new Audit Committee charter narrows its mission to what the SEC and PCAOB actually charge audit committees with doing: overseeing financial reporting, internal controls over financial reporting, and the independent auditors.<br>General “compliance with legal and regulatory requirements,” Code of Conduct oversight, and responsibility for the Related‑Person Transactions Policy which were previously assigned to the Audit Committee have now been split out to other committees.<br>Audit can still see compliance issues where they intersect with financial reporting and controls, but it's no longer the catch-all repository for whatever doesn’t fit elsewhere - meaning responsibility for ethics, compliance and regulatory risk is now spread across multiple committees.<br>Corporate Governance and Nominating<br>The Corporate Governance and Nominating Committee (CGNC) is keeping its traditional mechanics (director nominations, committee assignments, governance guidelines) but now adds a substantial ethics and ESG portfolio.<br>Under the new charter, it reviews the Code of Conduct at least annually, oversees compliance monitoring and waiver requests for directors, executive officers and senior finance, and makes recommendations to the board on those waivers, while “periodically” receiving reports on Code violations and waiver requests directly from the Chief Ethics Officer and Chief Legal Officer.<br>It also reviews “tone and culture (the ‘tone from the top’)” on ethics and compliance, oversees the Insider Trading Policy and violations, and takes the lead on “responsible business, sustainability, philanthropy and climate matters,” including the content of sustainability and climate reports except for quantitative metrics reserved to Audit.<br>CGNC is also responsible for...