Facebook faces $1.6 billion fine and official investigation of massive data breach


The Irish Data Protection Commission has opened a formal investigation into a data breach affecting nearly 50 million Facebook accounts, which could lead to a fine of up to $1.63 billion.

The breach, discovered Tuesday, September 24 by Facebook engineers, allowed hackers to take over users' accounts. It was fixed on Thursday, the company said.

"The investigation will examine Facebook's compliance with its obligation under the General Data Protection Regulation (GDPR) to implement the appropriate technical and organizational measures to ensure the security and safeguarding of personal data processed by that party," the commission said Wednesday in a statement.

The commission regulates Facebook's compliance with the GDPR, a European law that strengthens privacy protection for individuals and introduces tough penalties for companies that fail to protect users' data.

The commission noted that Facebook had informed it that its internal investigation was continuing and that the company "continued to take corrective measures to mitigate the potential risk to users".

"We have been in close contact with the Irish Data Protection Commission since we were informed of the security attack, and we will continue to cooperate with their investigation," said a spokeswoman for Facebook.

Shortly after the Irish Data Protection Commission announced its investigation, the Spanish Data Protection Agency announced that it would cooperate in the investigation to protect the rights of Spanish citizens.

The security breach is considered the biggest in Facebook's history and is particularly egregious because hackers stole "access tokens", a kind of digital security key that allows users to stay logged in to Facebook across multiple browsing sessions without having to enter their password each time. An attacker who holds this token can take full control of the victim's account, including logging in to third-party applications that use Facebook Login.

The breach comes at a time when Facebook is under scrutiny over issues such as foreign interference in elections, its role in spreading false information, hate speech and privacy.

Facebook announced the breach on Friday in a blog post, saying it was taking the issue "incredibly seriously." Over the weekend, the commission said it was "concerned that this breach was discovered Tuesday and affects millions of users".

Facebook was "unable to clarify the nature of the breach and the risk" for users at that time, said the commission, adding that this prompted the company to "clarify these issues urgently".

Rowenna Fielding, senior manager of data protection at Protecture Limited, said: "Facebook should have tested the 'display as' feature with a 'what could an attacker do with this' state of mind and they did not care or did not care about the gaping hole."

The investigation will focus on "Facebook's compliance with its obligations under the GDPR".


Dr. Lukasz Olejnik, an independent adviser on cybersecurity and privacy, said it was the first major GDPR investigation to check whether Facebook enforced its data security rules.

"This high-stakes issue could become the decisive moment for the GDPR," he said.

Other data security experts believe that Facebook will get off lightly.

"The Irish regulator has not been well enforced by the law. So I do not think Facebook is worried about the sanctions it could impose," Fielding said.

She said the potential fine of $1.63 billion was "improbable", describing it as a "ceiling, not a stipulation".

"However, the precedent created by any regulatory finding of illegal treatment could be very important, especially in subsequent litigation involving affected data subjects," she added.
