Facebook Could Face Billions In Fines Over Data Breach

It’s more bad news for Facebook.

Facebook had to announce last week that yet another cybersecurity and privacy fiasco has taken place with its users’ information. 50 million of those users were compromised, by their estimate, along with a potential 40 million more. By exploiting the tokens related to the platform’s “View As” feature that lets you see your own page as others see it, hackers were able to interact with the affected accounts.

No money was affected, no Social Security numbers were compromised, so what’s the big deal? Plenty. First, Facebook is the gateway to many other accounts that users can link for log in purposes. In an effort to not have to keep signing in, users just “log in with Facebook.” Unfortunately, so can hackers.

The site has been actively advocating for other companies to add Facebook buttons to their websites and apps, all so that users can share content immediately and connect their accounts to those other sites.

Facebook is in the business of selling data and access to make money.

The more platforms that are connected to your Facebook account, the more access Facebook has to your activities, interests, spending habits, even your physical location. All of those metrics are valuable to other companies, and they pay Facebook handsomely for collecting it.

Facebook’s execs have come under fire for past security bungles, but what Congress and Parliament haven’t been able to do, a recent law might.

Does it pay off?

Now, thanks to the GDPR regulations concerning data collection and privacy, Mark Zuckerberg and friends might have to shell out some significant money in fines. The regulations across the EU levy harsh punishments on companies that collect customer data and then allow it to fall into the wrong hands.

By some sources’ count, Facebook could be facing billions of dollars in fines. Affected users need only file a claim, and have no obligation to demonstrate material harm from the loss of their data. In the US, a class-action suit has already been filed in one state, but users may have to demonstrate the aftermath of the breach in order to win their case.