Facebook Under Investigation For Massive Data Leak

The Irish Data Protection Commission has launched an investigation into the massive leak of Facebook user data online. It was recently revealed that the personal data of more than 530 million Facebook users had been posted in a low-level hacking forum, with users’ phone numbers being offered for sale. Facebook’s defence is that the data concerned was scraped, rather than hacked, and that users’ own privacy settings were to blame (this despite the fact that ‘Public’ was the default setting, even where the phone number was set to ‘Only me’). The company also claimed that the data had been scraped before the introduction of GDPR, meaning that it didn’t nered to report the leak.

“Based on our investigation to date, we believe that the information in the data-set released this weekend was publicly available and scraped prior to changes made to the platform in 2018 and 2019,” it said. However, the Irish Data Protection Commission (DPC), which oversees the Dublin-headquartered company, was sceptical, suggesting that some of the data at least might date from a later period and this be subject to GDPR.

And now, following pressure from the European Commission, it’s announced its intention to launch a full inquiry.

“The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data,” it says in a statement. “Accordingly, the Commission considers it appropriate to determine whether Facebook Ireland has complied with its obligations, as data controller, in connection with the processing of personal data of its users by means of the Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer features of its service, or whether any provision(s) of the GDPR and/or the Data Protection Act 2018 have been, and/or are being, infringed by Facebook in this respect.”

Facebook, while claiming that the contact-importing feature in question is common to many apps, has said it will cooperate with the enquiry.

The DPC’s move follows calls by the European Commission for a full investigation. Earlier this week, justice commissioner Didier Reynders said he’d spoken with data protection commissioner Helen Dixon about the matter, and was calling on Facebook to ‘actively and swiftly… shed light on the identified issues’.

If Facebook is found to be in breach of GDPR, it could face fines of up to four per cent of turnover. The company is already the subject of more than a dozen investigations by the DPC, none of which has yet reached a conclusion.

Get In Touch

Share On Social Media

Other Recent Blog Articles

Cybersecurity Nightmare: Cisco Data Breach and the Implications for Businesses

October 25, 2024

A threat actor known as IntelBroker has claimed to have breached Cisco’s systems on October 6th, 2024, stealing a vast amount of sensitive data. The stolen data allegedly includes source…

Read More

How PDX IT Services Can Protect Your Business from Data Breaches

October 23, 2024

Given the recent data breach at Globe Life and the increasing threat of cyberattacks, businesses must prioritize robust cybersecurity measures. PDX IT Services can offer a comprehensive suite of solutions…

Read More

Data Breach at Globe Life: A Growing Threat

October 23, 2024

Insurance Giant Faces Extortion and Data Exposure In a significant cybersecurity breach, Globe Life, a major life and health insurance provider, has confirmed that it is being extorted by a…

Read More