According to Reuters, the Irish Data Protection Commissioner (DPC) announced on Wednesday, October 3, that it has launched an investigation into the breach that exposed the data of about 50 million Facebook users. Facebook found that attackers were able to take control of user accounts through a function within the platform’s code.
“In particular, the investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation (GDPR) to implement appropriate technical and organizational measures to ensure the security and safeguarding of the personal data it processes,” the DPC announced in a statement.
Under the GDPR, companies that fail to safeguard their users’ data could face a maximum fine of €20 million (US$23 million), or 4% of a firm’s global annual revenue for the prior year, whichever is higher.
Facebook has already informed the DPC that their own investigation is ongoing, and that the company will continue to take actions to lessen the potential risk to users. And earlier this week, a company spokeswoman said the company plans to answer all of the DPC’s questions, as well as keep regulators informed of further developments.
In the meantime, the vulnerability that caused the breach has been fixed, and Facebook added that it reached out to authorities when the vulnerability was discovered. More than 90 million users had to log out of their accounts as a result of the breach, which has been described as a typical measure taken with compromised accounts.
“We’re taking it really seriously,” Facebook Chief Executive Mark Zuckerberg told reporters in a conference call at the time. “We have a major security effort at the company that hardens all of our surfaces.”
Zuckerberg added, “I’m glad we found this. But it definitely is an issue that this happened in the first place.”
Full Content: PYMNTS
Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.
Featured News
Veteran Lawyers Launch Boutique Antitrust Firm in NY and DC
Oct 6, 2024 by
CPI
EU’s Top Court Upholds Antitrust Veto on Thyssenkrupp-Tata Steel Deal
Oct 6, 2024 by
CPI
Brazil’s Court Delays X’s Return Over Fine Payment Dispute
Oct 6, 2024 by
CPI
Tencent and Guillemot Family Consider Potential Buyout of Ubisoft
Oct 6, 2024 by
CPI
Second Price-Fixing Case Against Hotel-Casinos Dismissed by Federal Judge
Oct 6, 2024 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Refusal to Deal
Sep 27, 2024 by
CPI
Antitrust’s Refusal-to-Deal Doctrine: The Emperor Has No Clothes
Sep 27, 2024 by
Erik Hovenkamp
Why All Antitrust Claims are Refusal to Deal Claims and What that Means for Policy
Sep 27, 2024 by
Ramsi Woodcock
The Aspen Misadventure
Sep 27, 2024 by
Roger Blair & Holly P. Stidham
Refusal to Deal in Antitrust Law: Evolving Jurisprudence and Business Justifications in the Align Technology Case
Sep 27, 2024 by
Timothy Hsieh