The 50 million user data breach apparently affected 5 million European users. Some are saying that Facebook could be slapped with a $1.63 billion fine.
Late last month, Facebook suffered from a 50 million user data breach. Of course, that figure is actually the minimum number of users impacted. At the time, Facebook said that they are at the preliminary stages of their investigation. Hours after the breach was published, the company found itself on the receiving end of a class action lawsuit in the US. Since the fallout was already quite big so quickly, it stood to reason that the fallout would only grow from there.
Now, some are saying that trouble could hit the company in Europe. If you recall, Equifax was fined £500,000 over the massive data breach it suffered. The reason why it was so low is because the breach happened prior to the GDPR (General Data Protection Regulation) coming into force. That happened back in June of this year. While Equifax got extremely lucky, it seems Facebook may not enjoy the same luck.
TechCrunch is pointing out that with these new laws in place, Facebook could face a massive fine for this latest breach. The report suggests that the fine would be equivalent to 4% of their total global annual revenue. Of course, how regulators find that Facebook handled the breach will play a major role in how big the potential fine could be. From the report:
Facebook alerted regulators and the public to the breach Friday morning after discovering it Tuesday afternoon. That’s important because it came under the 72-hour deadline for announcing hacks that can trigger an additional fine of up to 2 percent of a company’s global revenue if not met.
So, at this point, there are a lot of unknowns in this story that could impact how severely Facebook is punished. Will Facebook, or someone else, find out that the breach is bigger than reported? Will users experience negative effects of the breach such as someone suddenly taking control of their account? Will regulators see that Facebook did everything by the book when it comes to this breach or will they uncover something else?
While we still are in the early days of the breach, for Europeans, this breach could be seen as a test of the new GDPR laws. So, it’ll be interesting to see how this ends up being handled – especially in the context of the legal action already being seen outside of the European jurisdiction.
Drew Wilson on Twitter: @icecube85 and Google+.
