Facebook announced on Friday that an attack on its computer network had exposed the personal information of nearly 50 million users. The attackers obtained the accounts’ tokens through the platform’s ‘View As’ feature.
The breach, which was discovered last week, has been described as the largest in the company’s 14-year history.
According to the Wall Street Journal, Ireland’s Data Protection Commission, the lead entity that oversees Facebook for the European Union, has asked for more information pertaining to the hack.
The Commission has demanded information about the nature and scale of the breach to verify whether it has violated the GDPR.
What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based.
The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR came into effect across the EU on May 25, 2018.
A company that fails to protect its users’ data is liable to a maximum fine of €20 million ($23 million), or 4% of the company’s global annual revenue from the prior year, whichever amount is larger.
Additionally, since Facebook failed to notify the regulators about the attack within 3 days of the breach, it could also face a potential fine of 2% of its global revenue.
According to Facebook, the personal information of 50 million accounts has been compromised, and the company has taken the necessary steps to prevent any further attack through the same mechanism. Surprisingly, Mark Zuckerberg and Sheryl Sandberg, Facebook’s COO, were also affected by the attack.
It remains to be seen whether the fine will be levied on Facebook or not.