Digital rights group to sue Facebook over mass 2019 data breach
Facebook is to be sued in Europe over the mass data breach it suffered in 2019 that exposed the personal information of over 533.0m accounts.
The leak, which was only discovered much later, led to the user information found posted for free download on a hacker forum.
Digital Rights Ireland announced on Friday that it would be commencing a “mass action” to sue the tech giant and cited the right to monetary compensation for breaches of personal data as set out in the European Union’s General Data Protection Regulation (GDPR).
The Ireland-based digital rights group was urging Facebook users who live in the European Union or European Economic Area to check whether their data was breached and to sign up to join the case if so.
Information leaked via the breach includes Facebook IDs, location, mobile phone numbers, email address, relationship status and employer.
Ireland’s Data Protection Commission (DPC) is Facebook’s lead data regulator in the EU and will handle the case.
Last December, the regulator announced a €450,000 sanction against Twitter for a data breach. Unlike Facebook, Twitter publicly disclosed the issue when it was detected in 2019.
Facebook’s failure to disclose the vulnerability it discovered and claims that it had fixed it by September 2019 will likely lead to a higher sanction from the DPC than Twitter received.
According to TechCrunch, Facebook had sought to play down the breach claiming that it was "old data".