Facebook Could Face A GDPR Fine Of $1.63bn

Facebook was fined £500,000 under the Data Protection Act for the Cambridge Analytica scandal but may not get away so lightly this time.

Now, Facebook could face potentially billions in fines under GDPR for the latest data breach which impacted roughly 50 million accounts

The security incident, was caused by a vulnerability in Facebook's code which permitted attackers to steal access tokens. Access tokens are used to keep Facebook users logged in when they switch over to a public profile view via the "View As" feature.

The breach was detected on September 25. The vulnerability, comprising of three separate bugs, has been resolved and the access tokens of affected users have been reset, alongside an additional 40 million users that were subject to a "View As" lookup over the past 12 months. It took mere hours before class-action lawsuits were filed against Facebook for failing to protect user data. It seems that it took only a little longer for regulators to become involved.

According to the Data Protection Commission (DPC) for Ireland, the number of affected accounts involved in the latest security incident relating to EU citizens is less than 10 percent of the total 50 million users impacted. This works out to roughly five million users, which is still a huge number of people who may have had their data accessed or stolen. Facebook said in response:

"We're working with regulators including the Irish Data Protection Commission to share preliminary data about Friday's security issue.  As we work to confirm the location of those potentially affected, we plan to release further info soon." 

Under the Data Protection Act 1998, Facebook was fined £500,000 by the UK's Information Commissioner's Office (ICO) for permitting the data-harvesting antics of Cambridge Analytica, leading to the improper sharing of data belonging to 87 million Facebook users in the UK, US, and beyond.

The old privacy laws which once held sway in Europe permitted a maximum fine of £500,000, and this was the same amount that Equifax was fined over a data breach which compromised data belonging to 15 million UK citizens. However, now businesses in the EU are held accountable under the General Data Protection Regulation (GDPR), which came into effect May 25, the potential financial ramifications could be far more serious.

The UK has already issued its first GDPR notice against AggregateIQ Data Services (AIQ), which has been connected to the Facebook-Cambridge Analytica data scandal.

If Facebook is found to be in breach of GDPR for failing to adequately protect user data over this incident, the company faces a fine of up to €20 million or 4 percent of annual global turnover, and as the fine applies to whichever is higher, the social networking giant could find itself forking out far more.

Based on Facebook's financial results for the last fiscal year, the fine could be up to $1.63 billion. In the firm's Q2 2018 financial results, Facebook reported net income of $5.1 billion and non-GAAP earnings of $1.74 per share on revenue of $13.23 billion.

The data breach is not the only headache Facebook recently had to cope with. The company has also faced criticism over its use of phone numbers given by users in the interest of security for targeted advertising.

ZDNet

You Might Also Read: 

Major Facebook Breach: 50m Users Compromised:

« Britian Accuses Russian GRU Spy Agency Of International Cyber Attacks
Uber Pay $148m Penalty For Breach Cover-Up »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

InteliSecure

InteliSecure

InteliSecure offer Professional Services, Security Assessments and Managed Services for data and threat protection.

DFLabs

DFLabs

DFlabs is a pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap.

FileWave

FileWave

FileWave offers a single solution for managing apps, devices, and more for Mac, Windows, and mobile devices.

ubirch

ubirch

The ubirch platform is designed to ensure that IoT data is trustworthy and secure.

Desec Security

Desec Security

Desec's training platform allows professionals around of the world to acquire knowledge and practical experience in Information Security.

HackControl

HackControl

HackControl services include penetration tests, security audits, block chain audits and brand and anti-phishing protection.

Aries Security

Aries Security

Aries Security provides a premiere cyber training range and skills assessment suite and develops content for all levels of ability.

Strike Graph

Strike Graph

The Strike Graph GRC platform enables Security Audits & Certifications.

FDD Center on Cyber and Technology Innovation (CCTI)

FDD Center on Cyber and Technology Innovation (CCTI)

The Foundation for Defense of Democracies is a nonprofit research institute focusing on foreign policy and national security. Ares of focus include cyber security and technology innovation.

Start Left® Security

Start Left® Security

Great security culture doesn't just happen; you ENGINEER it.

ISECURION Technology & Consulting

ISECURION Technology & Consulting

ISECURION is an information security consulting company. We provide a unique blend of services to our customers catering to the current information security landscape.

Hub71

Hub71

Hub71 is a world-class tech ecosystem opening doors to global opportunities from an optimal business environment for entrepreneurial-minded innovators.

Timus Networks

Timus Networks

Timus Networks enables today's work from anywhere organizations to secure their networks very easily and cost effectively.

Nudge Security

Nudge Security

Nudge Security offer the world's first-ever SaaS security solution to discover shadow IT and curb SaaS sprawl across any device or location and nudges employees towards optimal security behavior.

Espria

Espria

Espria is a leading independent managed service provider with expertise in Cloud, IT, Communications and Document Solutions.