La Plata County resident Robin Ramsden’s sales on eBay Inc. has crashed since the company announced last month it was the victim of a cyber attack.

Ramsden’s online store, called Cornerstone Stained Glass Supplies, has seen the majority of its sales come through eBay since she began selling online in 2001. She works out of her home and employs four local workers. When sales dropped by more than half, she had to lay off employees and cut hours.

“People are just too afraid to make purchases of big quantities,” she said.

eBay officials announced May 21 that computer hackers penetrated the company’s user database containing encrypted passwords and other nonfinancial data. The attack, which happened in late February or early March, used employee log-in information to access customers’ names, email addresses, physical addresses, phone numbers and birth dates. Statements from top eBay executives asked all users to change their passwords.

“After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit-card information, which is stored separately in encrypted formats,” a news release said. “However, changing passwords is a best practice and will help enhance security for eBay users.”

Ramsden said she does 70 percent of her business on eBay and the rest on Etsy, an online marketplace.

“When this crash happened, it just changed everything overnight,” Ramsden said. “I was shocked. I didn’t think much about it instantly, but the weekend sales had crashed so bad,” and they typically bring in $5,000. Ramsden said she believes eBay could do more public relations to convince people it’s safe to buy products on the website.

Don Jackson, director of threat intelligence for PhishLabs in Charleston, South Carolina, agrees eBay should be doing more. Jackson thinks eBay’s site is safe. However, criminals already are using the data to try to scam people, something eBay has not confirmed publicly, he said.

“To me, changing the password is not the highest priority,” Jackson said. “If it were me, it would be educating users to be aware of what these scams, that have been already perpetrated, look like.”

Because hackers have real, accurate information on eBay customers, Jackson said they could more easily trick potential victims. The “phishing” email says there’s unusual activity or a person’s account is locked and directs people to a fake Web page to log in. Phising involves emailing in an attempt to get personal information from people by pretending to be a legitimate company.

“It’ll be very convincing because it will be based on their actual eBay user name, and they can include details like recent auctions,” he said. “It’s not just a random phishing email saying, ‘Hey, please log in to a bank that you may or may not bank with.’”

Cornerstone’s eBay sales are getting stronger, but it’s a slow process, Ramsden said. Her sales have increased on Etsy, and she’s listing more products there. NBC News interviewed Ramsden last week about the impact the cyber attack has had on her business.

“I just know if (eBay) did a little damage control, like Target did or like any other major corporation did, it would make a difference,” she said.

smueller@durangoherald.com