Facebook could face $1.63B fine under GDPR over latest data breach
Facebook could face potentially billions in fines under GDPR for the latest data breach which impacted roughly 50 million accounts.
The security incident was caused by a vulnerability in Facebook’s code which permitted attackers to steal access tokens.
Data breach was detected on September 25, 2018
Access tokens are used to keep Facebook users logged in when they switch over to a public profile view via the “View As” feature.
The breach was detected on September 25. The vulnerability, comprising three separate bugs, has been resolved and the access tokens of affected users have been reset, along with those of an additional 40 million users who were subject to a “View As” lookup over the past 12 months.
It took mere hours before class-action lawsuits were filed against Facebook for failing to protect user data. It seems that it took only a little longer for regulators to become involved.
50 million users impacted
According to the Data Protection Commission (DPC) for Ireland, the number of EU citizens’ accounts affected in the latest security incident is less than 10 percent of the 50 million users impacted in total.
This works out to roughly five million users, which is still a huge number of people who may have had their data accessed or stolen.
Under the Data Protection Act 1998, Facebook was fined £500,000 by the UK’s Information Commissioner’s Office (ICO) for permitting the data-harvesting antics of Cambridge Analytica, leading to the improper sharing of data belonging to 87 million Facebook users in the UK, US, and beyond.
The old privacy laws which once held sway in Europe permitted a maximum fine of £500,000, and this was the same amount that Equifax was fined over a data breach which compromised data belonging to 15 million UK citizens.
However, now that businesses in the EU are held accountable under the General Data Protection Regulation (GDPR), which came into effect on May 25, the potential financial ramifications could be far more serious.
The UK has already issued its first GDPR notice against AggregateIQ Data Services (AIQ), which has been connected to the Facebook-Cambridge Analytica data scandal.
Fine up to €20 million or 4 percent of annual global turnover
If Facebook is found to be in breach of GDPR for failing to adequately protect user data in this incident, the company faces a fine of up to €20 million or 4 percent of annual global turnover, whichever is higher, so the social networking giant could find itself forking out far more than €20 million.
Based on Facebook’s financial results for the last fiscal year, the fine could be up to $1.63 billion.
In the firm’s Q2 2018 financial results, Facebook reported net income of $5.1 billion and non-GAAP earnings of $1.74 per share on revenue of $13.23 billion.
The data breach is not the only headache Facebook has recently had to cope with. The company has also faced criticism over its use, for targeted advertising, of phone numbers that users provided for security purposes.
Source: https://www.zdnet.com