This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.theguardian.com/technology/2018/oct/03/facebook-data-breach-latest-fine-investigation

Facebook faces $1.6bn fine and formal investigation over massive data breach
The Irish Data Protection Commission has opened a formal investigation into a data breach that affected nearly 50m Facebook accounts, which could result in a fine of up to $1.63bn.
The breach, which was discovered by Facebook engineers on Tuesday 24 September, gave hackers the ability to take over users’ accounts. It was patched on Thursday, the company said.
“The investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation (GDPR) to implement appropriate technical and organisational measures to ensure the security and safeguarding of the personal data it processes,” the commission said in a statement on Wednesday.
The commission regulates Facebook’s adherence to GDPR, a European law that strengthens the privacy protections of individuals and introduces harsh penalties for companies that fail to protect user data.
The commission noted that Facebook had informed the commission that its internal investigation was continuing and that the company continued “to take remedial actions to mitigate the potential risk to users”.
“We have been in close contact with the Irish Data Protection Commission since we have become aware of the security attack and will continue to cooperate with their investigation,” said a Facebook spokeswoman.
Shortly after the Irish Data Protection Commission announced its investigation, the Spanish Data Protection Agency announced it would collaborate on the investigation to protect the rights of Spanish citizens.
The security breach is believed to be the largest in Facebook’s history and is particularly egregious because the hackers stole “access tokens”, a digital security key that allows users to stay logged into Facebook over multiple browsing sessions without having to enter their password each time. When an attacker has this token they can take full control of a victim’s account, including logging into third-party applications that use Facebook Login.
The breach comes at a time when Facebook is under heavy scrutiny over issues including foreign interference in elections, its role in spreading misinformation and hate speech, and privacy.
Facebook announced the breach in a blogpost on Friday, saying it was taking the issue “incredibly seriously”. Over the weekend the commission said it was “concerned that this breach was discovered on Tuesday and affects millions of users”.
Facebook was “unable to clarify the nature of breach and risk” to users at that point, the commission said, adding that it was pushing the company to “urgently clarify these matters”.
Rowenna Fielding, a senior data protection lead at Protecture Limited, said: “Facebook should have tested the ‘view as’ function with a ‘what could an attacker do with this’ mindset and they either didn’t, or didn’t care about the gaping hole.”
Dr Lukasz Olejnik, an independent cybersecurity and privacy adviser, noted that this was the first major GDPR investigation that would test whether Facebook followed its rules around security of data processing.
“This high-stakes matter may become the defining moment of GDPR,” he said.
Other data security experts believe that Facebook will get off lightly.
“The Irish regulator doesn’t really have a track record of robust enforcement, so I don’t think Facebook is likely to be concerned about penalties they might levy,” said Fielding.
She said that the $1.63bn potential fine was “unlikely”, describing it as a “ceiling, not a stipulation”.
“However, the precedent set by any regulatory finding of unlawful processing could be very significant, especially in follow-on litigation by individual data subjects affected,” she added.