Facebook Could Face A GDPR Fine Of $1.63bn

Facebook was fined £500,000 under the Data Protection Act for the Cambridge Analytica scandal but may not get away so lightly this time.

Now, Facebook could face potentially billions in fines under GDPR for the latest data breach, which impacted roughly 50 million accounts.

The security incident was caused by a vulnerability in Facebook's code which permitted attackers to steal access tokens. Access tokens are what keep Facebook users logged in, and the flaw exposed them when users switched over to a public profile view via the "View As" feature.

The breach was detected on September 25. The vulnerability, comprising three separate bugs, has been resolved and the access tokens of affected users have been reset, along with the tokens of an additional 40 million users who had been subject to a "View As" lookup over the past 12 months. It took mere hours before class-action lawsuits were filed against Facebook for failing to protect user data. It seems that it took only a little longer for regulators to become involved.
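As an added illustration, not Facebook's own code, the reset scope described above (the confirmed victims plus every user subject to a "View As" lookup in the past 12 months) can be computed from a token store and a lookup audit log; the user ids, tokens and log entries are constructed sample data:

```python
from datetime import datetime, timedelta

# Constructed sample data, not Facebook's: the date the breach was detected,
# a store of live access tokens keyed by user id, an audit log of "View As"
# lookups as (viewer id, time), and the set of users confirmed as affected.
DETECTED_AT = datetime(2018, 9, 25)
TOKENS = {"u1": "tok-a", "u2": "tok-b", "u3": "tok-c", "u4": "tok-d", "u5": "tok-e"}
VIEW_AS_LOG = [
    ("u2", datetime(2018, 9, 1)),   # within 12 months: precautionary reset
    ("u3", datetime(2017, 1, 15)),  # older than 12 months: out of scope
    ("u4", datetime(2018, 6, 20)),  # within 12 months: precautionary reset
]
CONFIRMED_AFFECTED = {"u1"}


def revocation_set(confirmed, view_as_log, now=DETECTED_AT, window_days=365):
    """Users whose tokens must be reset: confirmed victims plus everyone who
    used View As inside the look-back window, since their tokens may have leaked."""
    cutoff = now - timedelta(days=window_days)
    precautionary = {uid for uid, ts in view_as_log if cutoff <= ts <= now}
    return set(confirmed) | precautionary


def reset_tokens(tokens, user_ids):
    """Invalidate the tokens of the given users so they must log in again.
    Returns the surviving token store and the number of tokens revoked;
    the input store itself is left unchanged."""
    remaining = {uid: tok for uid, tok in tokens.items() if uid not in user_ids}
    return remaining, len(tokens) - len(remaining)


if __name__ == "__main__":
    to_reset = revocation_set(CONFIRMED_AFFECTED, VIEW_AS_LOG)
    live, revoked = reset_tokens(TOKENS, to_reset)
    print(f"reset {revoked} tokens for {sorted(to_reset)}; still live: {sorted(live)}")
```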

According to the Data Protection Commission (DPC) for Ireland, fewer than 10 percent of the 50 million accounts affected by the latest security incident belong to EU citizens. This works out to roughly five million users, which is still a huge number of people who may have had their data accessed or stolen. Facebook said in response:

"We're working with regulators including the Irish Data Protection Commission to share preliminary data about Friday's security issue. As we work to confirm the location of those potentially affected, we plan to release further info soon."

Under the Data Protection Act 1998, Facebook was fined £500,000 by the UK's Information Commissioner's Office (ICO) for permitting the data-harvesting antics of Cambridge Analytica, leading to the improper sharing of data belonging to 87 million Facebook users in the UK, US, and beyond.

The old privacy laws which once held sway in Europe permitted a maximum fine of £500,000, the same amount Equifax was fined over a data breach which compromised data belonging to 15 million UK citizens. However, now that businesses in the EU are held accountable under the General Data Protection Regulation (GDPR), which came into effect on May 25, the potential financial ramifications could be far more serious.

The UK has already issued its first GDPR notice against AggregateIQ Data Services (AIQ), which has been connected to the Facebook-Cambridge Analytica data scandal.

If Facebook is found to be in breach of GDPR for failing to adequately protect user data over this incident, the company faces a fine of up to €20 million or 4 percent of annual global turnover, whichever is higher, so the social networking giant could find itself forking out far more.

Based on Facebook's financial results for the last fiscal year, the fine could be up to $1.63 billion. In the firm's Q2 2018 financial results, Facebook reported net income of $5.1 billion and non-GAAP earnings of $1.74 per share on revenue of $13.23 billion.

The data breach is not the only headache Facebook has had to cope with recently. The company has also faced criticism over its use of phone numbers, given by users in the interest of security, for targeted advertising.

ZDNet
