The EU’s Justice Commissioner Věra Jourová has put pressure on Facebook to disclose further details of the massive security breach that impacted around fifty million users last week.
In a statement on Sunday (30 September), Jourová urged Facebook to comply fully with the body in charge of investigating the breach, Ireland’s Data Protection Commission, and disclose whether EU users were affected by the breach and how their personal data was impacted.
At least 50mln #Facebook users were compromised in the huge security breach. I urge Facebook to fully cooperate with @DPCIreland. We need to know if EU users were affected and what had happened to their data. Here a reminder about the obligations of biz https://t.co/1bZ6IJdJ4B
— Věra Jourová (@VeraJourova) September 30, 2018
Ireland’s Data Protection Commission struck a similar tone on Sunday when they announced that they are still waiting for “further urgent details of the security breach…[to]…properly assess the nature of the breach and risk to users.”
Facebook said on Friday (28 September) that hackers had discovered a security flaw allowing them to capture data belonging to up to 50 million Facebook users.
According to the New York Times, Facebook’s VP for product management, Guy Rosen, has refused to rule out the possibility that the attack may have been coordinated by a nation-state. Rosen has stated that the hackers were targeting people’s private information, including name, gender and location.
Because Facebook has so far not disclosed the specifics of the hack, it remains unclear whether more sensitive information has been accessed.
“We have yet to determine whether these accounts were misused or any information accessed,” Rosen said in a statement on Friday.
“We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details.”
It remains to be seen how hard the European Commission will come down on Facebook in light of the breach.
Under General Data Protection Regulation (GDPR) rules, companies could face a fine of up to €20 million or 4% of global annual revenue for the preceding financial year, whichever figure is higher.
In the case of Facebook, this fine could amount to $1.63 billion, if calculated on the basis of the second metric.
The Commission is in no mood to cut Facebook any slack. Recently, Jourová has hit out at the firm for its failure to comply with EU consumer regulation, referring to her erstwhile Facebook news feed as a ‘channel of dirt.’
Last year, the company was hit by a huge scandal as part of the Cambridge Analytica revelations, in which the data of up to 87 million users was improperly accessed.
Further negative examples include a 2013 software flaw that exposed the phone numbers of six million users and a technical glitch in 2008 that revealed the dates of birth of around 80 million Facebook users.