Facebook breach hit up to 5M EU users, and it faces up to $1.63B in fines

Less than 10 percent of the 50 million users attacked in Facebook’s recent breach lived in the European Union, tweeted the Irish Data Protection Commission, which oversees privacy in the region. However, Facebook still could be liable for up to $1.63 billion in fines, or 4 percent of its $40.7 billion in annual global revenue for the prior financial year, if the EU determines it didn’t do enough to protect the security of its users.

Facebook wrote in response to the IDPC’s tweet that “We’re working with regulators including the Irish Data Protection Commission to share preliminary data about Friday’s security issue. As we work to confirm the location of those potentially affected, we plan to release further info soon.”


Facebook alerted regulators and the public to the breach Friday morning after discovering it Tuesday afternoon. That’s important because the disclosure came within the 72-hour deadline for announcing hacks; missing that deadline can trigger an additional fine of up to 2 percent of a company’s global revenue.


That hack saw sophisticated attackers combine three bugs in Facebook’s profile, privacy and video uploading features to steal the access tokens of 50 million users. These access tokens could allow the attackers to take over user accounts and act as them on Facebook, Instagram, Oculus and other sites that rely on Facebook’s login system. The EU’s GDPR laws threaten heavy fines for improper security practices and are seen as stricter than those in the U.S., so the EU’s findings during this investigation carry weight.

The big question remains what data was stolen and how it could potentially be misused. Unless investigators or journalists discover a nefarious application for that data, such as how Cambridge Analytica’s ill-gotten data was used to inform Donald Trump’s campaign strategy, the public is unlikely to see this as more than just another of Facebook’s constant privacy scandals. It could still trigger regulation, or push partners away from using Facebook’s login system, but the world seems to be growing numb to the daily cybersecurity breaches that plague the internet.
