On Friday, Facebook announced that it had suffered yet another data breach, which led to the exposure of as many as 50 million accounts. The attackers managed to obtain the tokens of accounts through the ‘View As’ feature of the social media platform.
The Wall Street Journal has reported that Ireland’s Data Protection Commission, the leading entity that oversees Facebook for the European Union, has asked for more information pertaining to the hack. The Commission has demanded information about the nature and scale of the breach to determine whether it violated GDPR laws.
The General Data Protection Regulation (GDPR) is a set of strict laws that came into effect in May to ensure that European residents are not affected by companies mishandling their data.
A company that is not able to protect the data of the users is liable to face a maximum fine of €20 million ($23 million), or 4% of the company’s global annual revenue from the prior year, whichever amount is larger.
Additionally, since Facebook failed to notify the regulators about the attack within 3 days of the breach, it could also face a potential fine of 2% of its global revenue.
According to Facebook, personal information of 50 million accounts has been compromised, and the company has taken the necessary steps to prevent any further attack through the same mechanism. Surprisingly, Mark Zuckerberg and Sheryl Sandberg, Facebook’s COO, were also affected by the attack.
It remains to be seen whether the fine will be levied on Facebook or not.