Facebook faces $1.6bn fine and formal investigation over massive data breach

Irish data regulator could penalize the social network after hack of nearly 50m accounts

Olivia Solon in San Francisco
Wed 3 Oct 2018 17.12 EDT
Last modified on Tue 14 May 2019 03.40 EDT

The Irish Data Protection Commission has opened a formal investigation into a data breach that affected nearly 50m Facebook accounts, which could result in a fine of up to $1.63bn.

The breach, which was discovered by Facebook engineers on Tuesday 24 September, gave hackers the ability to take over users’ accounts. It was patched on Thursday, the company said.

“The investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation (GDPR) to implement appropriate technical and organisational measures to ensure the security and safeguarding of the personal data it processes,” the commission said in a statement on Wednesday.

The commission regulates Facebook’s adherence to GDPR, a European law that strengthens the privacy protections of individuals and introduces harsh penalties for companies that fail to protect user data.

The commission noted that Facebook had informed the commission that its internal investigation was continuing and that the company continued “to take remedial actions to mitigate the potential risk to users”.

“We have been in close contact with the Irish Data Protection Commission since we have become aware of the security attack and will continue to cooperate with their investigation,” said a Facebook spokeswoman.

Shortly after the Irish Data Protection Commission announced its investigation, the Spanish Data Protection Agency announced it would collaborate on the investigation to protect the rights of Spanish citizens.

The security breach is believed to be the largest in Facebook’s history and is particularly egregious because the hackers stole “access tokens”, a digital security key that allows users to stay logged into Facebook over multiple browsing sessions without having to enter their password each time. When an attacker has this token they can take full control of a victim’s account, including logging into third-party applications that use Facebook Login.

The breach comes at a time when Facebook is under heavy scrutiny over issues including foreign interference in elections, its role in spreading misinformation and hate speech, and privacy.

Facebook announced the breach in a blogpost on Friday, saying it was taking the issue “incredibly seriously”. Over the weekend the commission said it was “concerned that this breach was discovered on Tuesday and affects millions of users”.

Facebook was “unable to clarify the nature of breach and risk” to users at that point, the commission said, adding that it was pushing the company to “urgently clarify these matters”.

Rowenna Fielding, a senior data protection lead at Protecture Limited, said: “Facebook should have tested the ‘view as’ function with a ‘what could an attacker do with this’ mindset and they either didn’t, or didn’t care about the gaping hole.”

Dr Lukasz Olejnik, an independent cybersecurity and privacy adviser, noted that this was the first major GDPR investigation that would test whether Facebook followed its rules around security of data processing.

“This high-stakes matter may become the defining moment of GDPR,” he said.

Other data security experts believe that Facebook will get off lightly.

“The Irish regulator doesn’t really have a track record of robust enforcement, so I don’t think Facebook is likely to be concerned about penalties they might levy,” said Fielding.

She said that the $1.63bn potential fine was “unlikely”, describing it as a “ceiling, not a stipulation”.

“However, the precedent set by any regulatory finding of unlawful processing could be very significant, especially in follow-on litigation by individual data subjects affected,” she added.