News has broken that 81,000 hacked Facebook accounts have had their private messages stolen. The hackers are now attempting to sell this data on, at the price of 10 cents (8p) per account, and are also claiming that they have obtained details from even more accounts – 120 million – although this has not been verified.
Facebook has already faced huge problems regarding data protection. It was fined £500,000 earlier this year for its role in the Cambridge Analytica scandal, and it now looks like it will be facing further penalties from the Information Commissioner’s Office (ICO). Regardless of the scale of this latest breach, things are looking bad for the social media giant.
Whatever happens next, a new fine will tell us something useful. The Cambridge Analytica scandal took place before GDPR came into effect in May, so the fine against Facebook was brought according to the pre-existing data laws. Specifically, it came under the Data Protection Act 1998. A new fine relating to this latest breach, however, will fall under GDPR.
It’s important to note that Facebook have not been able to hide behind being a US company. And as it turns out, they may have been fortunate that the Cambridge Analytica scandal was exposed before May 25th; it’s impossible to say what the fine would have been under GDPR, but it may well have been considerably greater than £500,000.
No matter what, though, the single biggest issue here is the ongoing risk to users. Facebook is built around people’s personal data, but has so far been unable to provide adequate protection for that data. If the trend continues, there could be even more trouble ahead for the company.
You can find out more about this latest data breach of hacked Facebook accounts here.
And if you want to ensure that your company is GDPR compliant, make use of our GDPR Gap Analysis to make sure that you avoid heavy fines.