Irish Data Regulator Likely to Fine Facebook for Data Breach
The Irish data regulator is reportedly likely to impose a fine on Facebook after conducting an investigation into a data breach that had affected millions of users.
The Guardian reports, “The Irish Data Protection Commission has opened a formal investigation into a data breach that affected nearly 50m Facebook accounts, which could result in a fine of up to $1.63bn.”
It was recently, on September 25, that Facebook engineers discovered the data breach. With this breach, the hackers were reportedly able to take over users’ accounts. Facebook had clarified that the issue was fixed and law enforcement informed.
A Facebook news release dated September 28, 2018 states, “On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.”
A statement issued via Twitter by the Irish Data Protection Commission says, “The Irish Data Protection Commission (DPC) has today, 3 October 2018, commenced an investigation under Section 110 of the Data Protection Act 2018 into the Facebook data breach for which notification was received by the DPC on Friday 28 September. ”
The statement further says, “In particular, the investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation to implement appropriate technical and organisational measures to ensure the security and safeguarding of the personal data it processes “The statement also says that Facebook has informed the DPC that their internal investigation is continuing and that remedial actions are being taken to mitigate risk to users.
The Spanish Data Protection Agency too has announced, on the heels of the announcement from the Irish Data Protection Commission, that it would also collaborate on the investigation and seek to protect the rights of Facebook users in Spain.
The Facebook data breach is really something big; The Guardian says, “The security breach is believed to be the largest in Facebook’s history and is particularly egregious because the hackers stole “access tokens”, a digital security key that allows users to stay logged into Facebook over multiple browsing sessions without having to enter their password each time. When an attacker has this token they can take full control of a victim’s account, including logging into third-party applications that use Facebook Login.”
The breach happens at a time when Facebook is facing scrutiny in connection with issues pertaining to the spread of misinformation, foreign interference in elections, privacy etc.