Facebook’s latest data breach – which has hit up to 50 million accounts – has triggered a raft of investigations from regulators as the fall-out from the hack attack continues.
The issue, which came to light late last week, has already sparked yet another class action in the US and widespread condemnation.
Although exact details of which users have been hit have not been revealed, the company has contacted the Irish Data Protection Commissioner, meaning it could be investigated under GDPR. The UK Information Commissioner’s Office is also carrying out its own enquiries.
Under GDPR, if Facebook users from multiple European countries are found to be affected, data regulators from each of the countries may reserve the right to individually fine the company.
The vulnerability itself, which is the result of three distinct “bugs”, was introduced in July 2017 when Facebook implemented new video upload functionality. On September 16 the firm noticed an unusual spike in users, which sparked an investigation.
Facebook finally uncovered the attack last Tuesday, September 25, before informing the relevant parties on the following day, and fixing the vulnerability on Thursday evening.
However, by Friday, lawyers in the US had already launched a new class action. Carla Echavarria of Calilfornia and Derrick Walker of Virginia allege Facebook’s lack of scrutiny has left them more vulnerable to identity theft, and are suing for statutory damages and penalties.
Facebook is already facing more than three dozen class action lawsuits over Cambridge Analytica.
Damian Collins, the chair of the Commons Digital, Culture, Media & Sport committee responsible for investigating the illegal use of user data during the Brexit referendum, said there is “no outside scrutiny” at Facebook and that there was now a “lack of trust” in the social media giant.
He said: “Facebook’s latest data breach demonstrates more clearly than ever why Mark Zuckerberg should face public scrutiny about the practices and policies his company employs to keep British users’ data safe.”
Last week, chair of Civil Liberties, Justice & Home Affairs Committee Claude Moraes filed a resolution for the social media company to face “a full and independent audit of its platform investigating data protection and security of personal data”.
EU chief calls for audit of Facebook’s data practices
Brussels threatens Facebook over data transparency
ICO data analytics probe ‘the biggest ever undertaken’
Facebook displays ‘contempt’ with Zuckerberg no-show
Facebook accused of dodging Parliamentary data probe