Facebook has been in the news for all the wrong reasons. Fresh from a data privacy scandal in which the company gave out private information, it reportedly had information stolen from it last week.
Following the data breach discovered last week at Facebook where hackers were able to access user information allowing them to take over as many as 50 million accounts, the company is now looking at a possible fine worth Rs1.63 billion as regulators and governments in Europe and the US look to punish the social media giant already embroiled in data privacy scandals.
In a blog post last week, Facebook announced that its engineering team had discovered that attackers found a weakness in the company’s code with respect to its ‘view as’ feature.
According to the company, almost 50 million accounts were affected and had their access tokens reset. It also reset an additional 40 million accounts as a precautionary measure, for a total of 90 million accounts.
Immediately after the story surfaced, Facebook CEO Mark Zuckerberg released his statement on the social media site and said, “We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more.”
Zuckerberg added that Facebook has already taken a number of steps to address this issue.
However, Facebook faced immediate outrage from the public and regulatory bodies who struggled to understand exactly which information had been hacked, and if people’s personal information and messages to connections were also breached.
According to the Wall Street Journal, the European Union’s (EU) top privacy watchdog for Facebook, Ireland’s Data Protection Commission, is also struggling to learn exactly what happened.
Ireland’s Data Protection Commission, which is Facebook’s lead privacy regulator in Europe, said Saturday that it has demanded more information from the company about the nature and scale of the breach, including which EU residents might be affected.
In an emailed statement, the regulator said it is “concerned at the fact that this breach was discovered on Tuesday and affects many millions of user accounts but Facebook is unable to clarify the nature of the breach and the risk for users at this point.”
Under GDPR, companies that don’t do enough to safeguard their users’ data risk a maximum fine of €20 million ($23 million), or 4 per cent of a firm’s global annual revenue for the prior year, whichever is higher. Facebook’s maximum fine would be $1.63 billion using the larger calculation.
The law also requires companies to notify regulators of breaches within 72 hours, under threat of a maximum fine of 2 per cent of worldwide revenue.
It is, however, unlikely that Facebook will face such a fine in the United States, where GDPR rules do not apply.