Last week, Facebook suffered one of its biggest hacks to date. A vulnerability in the “View As” feature allowed the still-unknown hackers to get access to the data of at least 50 million accounts. Despite the fast response shown by the social media giant, Facebook could be looking at up to $1.63 billion in fines for the security breach.
Facebook and User Data – Yet Another Data Breach
The social media giant has had a rough time trying to reinstate trust in its services after the Cambridge Analytica scandal. Suffice it to say that the latest data breach isn’t doing much to help Facebook’s image. Regulators and users alike were quick to call for an investigation into Facebook’s role in the privacy breach. In fact, if the platform is found to have fallen short at any point, it may face some heavy fines in the future.
While this attack differs significantly from the previous scandal, many are pointing the finger at Facebook itself. Even though the platform had no way of predicting such an attack would happen, Facebook did acknowledge that the vulnerability has existed since a code update in July 2017. Now, that vulnerability may have some serious consequences for users all over the world.
The GDPR – Facebook May Be Facing Fines
Since Facebook’s European HQ is based in Ireland, it falls under the jurisdiction of Ireland’s Data Protection Commission. On Sep. 30th, the IDPC released a statement on Twitter asking for more details specific to EU users affected by the breach. Yesterday, they released the following update:
UPDATE Facebook data breach – @DPCIreland understands that the number of potentially affected EU accounts is less than 10% of the 50 million accounts in total potentially affected by the security breach. DPC Ireland statement beneath. #dataprotection #GDPR #EUdataP pic.twitter.com/oSfGy6DP2S
— Data Protection Commission Ireland (@DPCIreland) October 1, 2018
Following the Cambridge Analytica scandal, Facebook stated that it would follow through with the GDPR’s new data rules. The platform did try to comply with the rules, despite the consequent loss of users in the EU.
However, if the IDPC finds the platform complicit in or responsible in any way for the attack (say, finding a vulnerability in 2017 and not really fixing it, for example), the possible fine may become a reality.
Facebook’s Data Breach – Final Thoughts
Investigations are still underway to find out what and who is responsible for the global data breach. In essence, the IDPC needs to find Facebook culpable in one way or another to impose the 4% fine. We can’t really predict what will happen if this comes to pass.