Skip to main content

Facebook under investigation following massive data breach

Facebook
(Image credit: Shutterstock)

The Irish Data Protection Commissioner will launch a formal investigation into the Facebook data breach that saw the personal information of hundreds of millions of users exposed online.

The regulator was already in the process of examining claims the data was lifted as far back as 2019, but has now come to the conclusion that data protection laws may have been violated by the social media company.

In a statement, Facebook said it intends to cooperate fully with the investigation and looks forward to explaining the factors that led to the breach and the protections in place to shield user data.

Facebook data breach

Earlier this month, it emerged Facebook had suffered a large scale data incident that compromised the personal information of hundreds of millions of users from across the globe.

Made possible by a bug in the platform’s contact syncing feature, the leak is said to have affected 533 million users from 106 different countries, exposing users’ names, email addresses, phone numbers and more.

After the incident came to light, Facebook drew further criticism for refusing to notify the individuals whose data had been exposed, leaving people to investigate of their own accord. Asked to justify the decision, a spokesperson explained the company does not yet have a full understanding of the specific users caught up in the breach.

Facebook was also eager to clarify that the data was not stolen via hacking, but rather scraped from the platform. The company claims the attacker had abused a vulnerability that was identified and patched in 2019, which would suggest data housed on its platform today is not at immediate risk.

Nonetheless, the Data Protection Commission believes the company may have violated “one or more provisions of the GDPR and/or Data Protection Act” in its handling of user data.

“Accordingly, the commission considers it appropriate to determine whether Facebook Ireland has complied with its obligations, as data controller, in connection with the processing of personal data of its users,” said the regulator.

Via BBC

Joel Khalili

Joel Khalili is a Staff Writer working across both TechRadar Pro and ITProPortal. He's interested in receiving pitches around cybersecurity, data privacy, cloud, storage, internet infrastructure, mobile, 5G and blockchain.