Facebook could be hit by a fine of up to $1.6 billion under EU’s General Data Protection Regulation (GDPR) for a data breach of more than 50 million users.
Although Facebook reported a “security issue” affecting “almost 50 million accounts” back in September, it now appears that the company could face a fine of up to $1.6 billion under the General Data Protection Regulation (GDPR).
According to the report from the Wall Street Journal, both Ireland’s Data Protection Commission and the UK’s Information Commissioner’s Office (ICO) will be demanding information from Facebook regarding the size and the nature of the previously reported breach.
The key questions are how many EU residents were affected by the previously reported security issue, how Facebook handled it, and whether the company reported it in time, since these factors will determine the size of the fine.
The previously reported hack exploited three vulnerabilities in Facebook’s code, allowing the attackers to steal Facebook access tokens and compromise accounts. According to Facebook, the attack relied on a “complex interaction of multiple issues in their code”; the company has since fixed the vulnerability and reset the access tokens for almost 50 million accounts.
Facebook CEO, Mark Zuckerberg, also went public saying: “While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place.”
It remains to be seen whether the social giant will be hit with an EU GDPR fine, which can reach up to $1.63 billion, or 4 percent of its $40.7 billion annual revenue. It all depends on whether the EU determines that Facebook did not do enough to protect the security of its users, did not report the breach soon enough, or did not act properly to fix the issue.