Facebook could face EU fine of up to $1.63B over latest data breach
Facebook Inc. could be fined as much as $1.63 billion by the European Union over a data breach revealed Friday that compromised the accounts of 50 million users.
The Wall Street Journal suggested the figure Sunday, reporting that Ireland’s Data Protection Commission, which is charged with investigating Facebook on behalf of the EU, has demanded information from the company as part of a potential formal investigation.
“[We are] concerned at the fact that this breach was discovered on Tuesday and affects many millions of user accounts but Facebook is unable to clarify the nature of the breach and the risk for users at this point,” the commission said in a statement.
The hack, which involved unknown people gaining the ability to access Facebook accounts using a vulnerability in the generation of access tokens via the “View As” feature, could become the biggest test of the EU’s General Data Protection Regulation to date.
Pravin Kothari, chief executive officer of CipherCloud Inc., told SiliconANGLE that the hack raises a lot of questions. “Whom did this impact, exactly? Do any of those 50 million customers impacted reside in the European Community? If so, will this fall under GDPR and how will it be treated?”
“Given the horrendous publicity from the Cambridge Analytica data exposures, the EU reaction is not easily predicted,” he said. “Not knowing all of the detail of when the breach was discovered, who, exactly was impacted, who was responsible, etc., the possible outcomes may be worse than we know today. We’ll have to see what Facebook discloses about potential liability if any exists. The calculations of the potential fines under GDPR are a bit mind-boggling with any possible impact to millions of users.”
Under GDPR, companies that are hacked and found to have not adequately safeguarded users risk a fine of $23 million or 4 percent of a firm’s annual revenue for the prior year. The $1.63 billion figure is calculated using Facebook’s annual revenue in 2017.
Although the EU fine remains a strong possibility, others note that the Facebook hack isn’t as serious as some are suggesting
“In something as big and complicated as Facebook, there are bound to be bugs,” said Sophos Group plc Principal Research Scientist Chester Wisniewski. “The theft of these authorization tokens is certainly a problem, but not nearly as big a risk to user’s privacy as other data breaches we have heard about or even Cambridge Analytica for that matter.”
As with any social media platform, he pointed out, users should assume their information may be made public, through hacking or simply through accidental oversharing, which is why sensitive information should never be shared through these platforms.
“For now, logging out and back in is all that is necessary,” he said. “The truly concerned should use this as a reminder and an opportunity to review all of their security and privacy settings on Facebook and all other social media platforms they share personal information with.”
Photo of Facebook CEO Mark Zuckerberg: quintanomedia/Flickr
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.