Facebook Faces Litigation After Data Breach Affects 50 Million Profiles
Facebook recently announced that hackers exploited a series of vulnerabilities within the social media company’s systems and accessed data from approximately 50 million user profiles. Later that day, the company found itself facing a class action lawsuit filed in the Northern District of California. The lawsuit alleges that Facebook violated California laws related to unfair
Facebook recently announced that hackers exploited a series of vulnerabilities within the social media company’s systems and accessed data from approximately 50 million user profiles. Later that day, the company found itself facing a class action lawsuit filed in the Northern District of California.
The lawsuit alleges that Facebook violated California laws related to unfair competition and negligence, and concealed its “grossly inadequate” security measures. It also calls for a certification of a class of “all persons who registered for Facebook accounts in the United States and whose PII (personally identifiable information) was accessed, compromised, or stolen from Facebook in the 2018 Data Breach.”
What Happened?
“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts,” Facebook wrote in a blog post on September 28, 2018.
According to Facebook, the problem allowed attackers to use the “View As” feature to steal Facebook access tokens, which in turn allowed them to take over the Facebook accounts of logged-in users. Facebook responded by resetting the access tokens of both the affected accounts and of all accounts that had used “View As” in the previous year, requiring 90 million individuals to log back into their accounts. Facebook also notified law enforcement and turned off the “View As” feature.
A few hours after Facebook announced the problem, the company also confirmed that information on third-party apps with a “login from Facebook” feature may also have been available to hackers. This includes not only information on Facebook-owned apps like Instagram, but also apps like Tinder and Uber, which also allow users to log in with their Facebook accounts.
Facebook described the problem as being the result of the interaction of three different bugs, all of which the company says it is working to address.
Where Does Facebook Stand?
Facebook posted its blog post about the breach on the morning of September 28. By that afternoon, a lawsuit had been filed in the U.S. District Court for the Northern District of California.
The suit’s named plaintiffs are Carla Echavarria of California and Derrick Walker of Virginia. The lawsuit, however, seeks to certify a class of “all persons…whose PII was compromised.”
The complaint argues that Facebook’s failure to protect its users’ data from the breach resulted from negligence, and that Facebook’s response was to attempt to conceal a “lax and inadequate approach to data security.”
This suit is not the first time Facebook has been placed on the defense regarding its security measures. In the wake of the news that Cambridge Analytica, a political data firm, had gained access to the profile data of millions of Facebook users in a manner that could have affected the outcome of the 2016 election, Facebook has found itself named as a defendant in a number of lawsuits.
Most of the cases focus on questions of data security and transparency: What steps Facebook takes to keep user data out of others’ hands and what they tell the public about this process.
“[Facebook] knew its data security measures were grossly inadequate by, at the absolute latest, March 2018 when the Cambridge Analytica matter came to light, exposing Facebook’s lax and inadequate approach to data security,” the complaint alleges, arguing that the events of March 2018 should have put Facebook on notice that its security measures were inadequate and should have prompted the company to correct them before the September 2018 breach occurred.
“In response to all of these facts,” the complaint argues, “[Facebook] chose to do nothing to protect [the users affected by the data breach] or warn them about the security problems and, instead, openly represented to Congress and foreign governments that Facebook was dedicated to the highest and most advanced security practices and protocols.”
The lawsuit is not likely to be the last Facebook faces regarding its data security. The company reported having 2.23 billion monthly active users worldwide as of the second quarter of 2018, making it a treasure trove of information for hackers and other parties seeking to exploit personal data. Coupled with the company’s position at the forefront of relatively new and untested technologies, Facebook could easily face additional attacks on its security in the future – and additional lawsuits scrutinizing its approach to securing that information.
About the author
Dani Alexis Ryskamp, J.D.
Dani Alexis Ryskamp, J.D., is a multifaceted legal professional with a background in insurance defense, personal injury, and medical malpractice law. She has garnered valuable experience through internships in criminal defense, enhancing her understanding of various legal sectors.
A key part of her legal journey includes serving as the Executive Note Editor of the Michigan Telecommunications and Technology Law Review. Dani graduated with a J.D. from the University of Michigan Law School in 2007, after completing her B.A. in English, summa cum laude, in 2004. She is a member of the Michigan State Bar and the American Bar Association, reflecting her deep commitment to the legal profession.
Currently, Dani Alexis has channeled her legal expertise into a successful career as a freelance writer and book critic, primarily focusing on the legal and literary markets. Her writing portfolio includes articles on diverse topics such as landmark settlements in medical negligence cases, jury awards in personal injury lawsuits, and analyses of legal trial tactics. Her work not only showcases her legal acumen but also her ability to communicate complex legal issues effectively to a wider audience. Dani's blend of legal practice experience and her prowess in legal writing positions her uniquely in the intersection of law and literature.
Subscribe to our newsletter
Join our newsletter to stay up to date on legal news, insights and product updates from Expert Institute.
Sign up nowA Sample Voir Dire: How To Qualify An Expert Witness
Download free white paperChallenging Opposing Experts: Advanced Research Techniques
Download free white paperCross Examining Expert Witnesses: The Ultimate Guide
Download free white paper
Subscribe to our newsletter
Join our newsletter to stay up to date on legal news, insights and product updates from Expert Institute.