Welcome to the September 2019 issue of the Computing Security Newsletter.
Breaches at big organisations are now seemingly two a penny, although the actual cost to those suffering the consequences of having their data exposed is incalculable. News that Facebook recently experienced yet another data breach might once have almost beggared belief, had we not already reached a point where nothing that happens in our industry surprises us any longer.
This time we’re talking about 540 million records compromised – including Facebook IDs, comments, likes and reactions and account names. Toni Vitale, head of regulation, data & information at law firm Winckworth Sherwood, is clear as to the impact this breach might have had. “This is a high-stakes matter which may become the defining moment of GDPR [General Data Protection Regulation]. Data regulators in Ireland and Spain are already investigating previous Facebook data breaches affecting their citizens and this is beginning to look like a poor pattern of behaviour from Facebook. The Irish regulator doesn’t really have a track record of robust enforcement, so previously Facebook is likely to have been unconcerned about penalties it might levy. Although it’s unlikely that Facebook will face the full $1.63bn potential, as it is the maximum; but, given the large number of European citizens involved and the number of previous breaches, the eventual fine is still likely to be eye-wateringly large.”
In October last year, Facebook also revealed millions of email addresses, phone numbers and other personal user information were compromised during a security breach, affecting as many as 50 million accounts. In July this year, the company also admitted that millions of Facebook, Facebook Lite and some Instagram users had their passwords stored in plain text, leaving the accounts in question at risk.
GDPR, which arrived more than a year ago, introduced tough penalties for companies that fail to protect user data, allowing fines of up to 4% of worldwide annual turnover – which could, in theory, mean a fine of £1.63 billion for Facebook. This was the third major GDPR investigation into Facebook in five months. But what chance is there that it will be the last?
Brian Wall, Editor
Computing Security