Posts Tagged ‘data breach’

China suspected in huge Marriott data breach — global espionage effort

December 13, 2018

Investigators believe hackers working on behalf of China’s main intelligence agency are responsible for a massive data breach involving the theft of personal information from as many as 500 million guests of the Marriott hotel chain, a US official said Tuesday.

Investigators suspect the hackers were working on behalf of the Chinese Ministry of State Security, an official briefed on the investigation told The Associated Press.

The official, who was not authorized to discuss the matter publicly and spoke to the AP on condition of anonymity, said investigators were particularly concerned about the data breach in part because Marriott is frequently used by the military and government agencies.

Marriott, which announced the data breach on Nov. 30, has not disclosed what it knows about the source of the hack, which included the theft of credit card and passport numbers over four years from guests who stayed at hotels previously operated by Starwood.

Marriott acquired Starwood, which includes such brands as Sheraton, W Hotels and St. Regis, in 2016.

“Our primary objectives in this investigation are figuring out what occurred and how we can best help our guests,” Marriott spokeswoman Connie Kim said. “We have no information about the cause of this incident, and we have not speculated about the identity of the attacker.”

The revelation of suspected involvement by China comes amid heightened tension with the US over trade; the arrest in Canada on an American warrant of a top executive of Chinese electronics giant Huawei; and alarm among law enforcement officials about Chinese efforts to steal technology to bolster its growing economy.

President Donald Trump said he would get involved in the Huawei case if it would help produce a trade agreement with China, telling Reuters in an interview Tuesday that he would “intervene if I thought it was necessary.”

Officials from the Justice Department, the FBI and the Department of Homeland Security told the Senate Judiciary Committee on Tuesday that China is working to steal trade secrets and intellectual property from US companies in order to harm America’s economy and further its own development.

Chinese espionage efforts have become “the most severe counterintelligence threat facing our country today,” Bill Priestap, the assistant director of the FBI’s counterintelligence division, told the committee. “Every rock we turn over, every time we looked for it, it’s not only there, it’s worse than we anticipated.”

Priestap said federal officials have been trying to convey the extent of the threat to business leaders and others in government. “The bottom line is they will do anything they can to achieve their aims,” he said.

Cyber-security expert Jesse Varsalone, of University of Maryland University College, said the Marriott hack does have signs of foreign intelligence agency involvement. They included its duration and the fact that the information stolen, including details about travel by individuals, would be valuable to foreign spies.

“It’s about intelligence, human intelligence,” he said. “To me, it seems focused on tracking certain people.”

Priscilla Moriuchi of Recorded Future, an East Asia specialist who left the National Security Agency last year after a 12-year career, cautioned that no one has put out any actual data or indicators showing Chinese state actor involvement in the Marriott intrusion.

In the last few months, the Justice Department has filed several charges against Chinese hackers and intelligence officials. A case filed in October marked the first time that a Chinese Ministry of State Security intelligence officer was extradited to the United States for trial.

Prosecutors allege the operative, Yanjun Xu, recruited employees of major aerospace companies, including GE Aviation, and attempted to persuade them to travel to China under the guise of giving a presentation at a university. He was charged with attempting to steal trade secrets from several American aviation and aerospace companies.

Such investigations can be time-consuming and difficult. The Justice Department is training prosecutors across the country to bring more of these cases, Assistant Attorney General John Demers told the Senate Judiciary Committee. “We cannot tolerate a nation that steals the fruit of our brainpower,” he said.

The Associated Press

Marriott Hit by Starwood Hack That Ranks Among Biggest Ever

November 30, 2018
  • Shares of Marriott slump in pre-market trading after hack news
  • Marriott hack may rank only below Yahoo among biggest of data

Marriott International Inc. said it’s investigating a hack of the guest reservation database at its Starwood unit that may be one of the biggest such breaches in corporate history. Marriott shares slumped as much as 6.9 percent.

The attack is troubling not just because of its sheer size, but also the level of detail potentially stolen by the attackers. The hack affects some 500 million guests, and for about 327 million of them, the data included passport numbers, emails and mailing addresses, Marriott said. Some credit card details may also have been taken.

The Marriott hack may rank only below Yahoo’s, in which 3 billion users were exposed in a 2013 security breach, as one of the biggest hacks of personal data.

“We know there’s going to be a cost, but how big will it be, I don’t know, I don’t think Marriott knows,” said Michael Bellisario, an analyst at Robert W. Baird & Co. “Marriott’s biggest asset is the network effect of customers in the loyalty program. The big question is does it impact the Marriott brand, and the customer desire to be rewards program members? It’s still too early to tell.”

Regulators and consumers have been stepping up their action against companies that have suffered security breaches as such attacks have become increasingly severe. Target Corp. last year agreed to pay $18.5 million to settle investigations by dozens of states over a 2013 hack of its database in which the personal information of millions of customers was stolen, while Equifax is facing billion-dollar lawsuits and a regulatory investigation.

“The breach is so big that the company may face a large fine from the authorities and the market is factoring that in,” said Juan Jose Fernandez Figares, chief analyst at Link Securities in Madrid. “This is yet another company that has been hit by a hacking and a reminder to any company that manages customers’ personal data that they need to work harder to protect them from future attacks.”

Marriott’s statement indicates the hacking was going on years before the company acquired Starwood in a deal valued at about $13.6 billion that closed in September 2016. Marriott’s database contained guest information relating to reservations at Starwood properties on or before Sept. 10, 2018. For some, it also included payment card details, said Marriott, which didn’t identify who the perpetrators might be.

Although Marriott said the details such as credit card numbers were encrypted, it has not been able to rule out the possibility that enough details were taken in order to decrypt this information.

The company has reported the incident to law enforcement and continues to support their investigation, and has also begun notifying regulatory authorities. Marriott informed the U.K. data protection regulator about the breach, the Information Commissioner’s Office said Friday. The regulator asked individuals concerned about how their data was handled to report their worries.

In its quarterly filing dated Nov. 6, Marriott added a warning about security breaches.

“We have experienced cyber-attacks, attempts to disrupt access to our systems and data, and attempts to affect the integrity of our data, and the frequency and sophistication of such efforts could continue to increase,” the firm said, without providing details on specific attacks.

Marriott paid $13.6 billion to acquire Starwood in September 2016 in a deal that created a hospitality industry behemoth that has 1.3 million rooms and more than 110 million loyalty program members. Starwood’s legacy brands include Sheraton, W Hotels, Westin, Aloft and St. Regis.

— With assistance by Sharon R Smyth, Giles Turner, and Lily Katz

https://www.bloomberg.com/news/articles/2018-11-30/marriott-found-unauthorized-starwood-database-access-since-2014-jp3xbq64

From Mark Zuckerberg to George Soros, here’s everything you need to know about Facebook’s latest crisis

November 19, 2018

What’s going on? 

The New York Times published an important story last week that explored how Facebook’s top executives, CEO Mark Zuckerberg and COO Sheryl Sandberg, have handled the company’s numerous crises over the past two years.

Facebook didn’t come out looking good, and neither did Zuckerberg or Sandberg. The days after the story published included a lot of he-said, she-said, denials and clarifications coming from all sides.

Here’s a recap of what we know and who said what.

Mark Zuckerberg

What was reported: The biggest knock on Zuckerberg in the Times story was that he wasn’t involved enough in making some of Facebook’s most important decisions. When Facebook decided not to remove a controversial post about “preventing Muslim immigration” from then-Presidential candidate Donald Trump for fear of angering Republicans, Zuckerberg passed that decision off to subordinates.

When Facebook decided not to name Russia in its first major research paper about how “malicious actors” used Facebook to spread misinformation and sow political discord, Zuckerberg “did not participate in the conversations,” the Times reported. The Times said Zuckerberg and Sandberg were “distracted by personal projects,” and Zuckerberg spent a lot of 2017 traveling the country on a listening tour, posing for photographs that later appeared on his Facebook page.

How Zuckerberg responded: The day after the Times’ story ran, Zuckerberg held a conference call with reporters to discuss Facebook’s content moderation efforts, but ended up taking a lot of questions about the story. “We’ve certainly stumbled along the way but to suggest that we weren’t interested in knowing the truth [about Russian election efforts] or that we wanted to hide what we knew, or that we tried to prevent investigations, is simply untrue,” Zuckerberg said. (The Times did not report that anyone tried to “prevent” investigations, but rather that Facebook was slow to unveil what it knew.)

Zuckerberg also denied knowing about Facebook’s relationship with Definers, a DC-based PR shop known for opposition research, and defended his position as CEO and chairman of Facebook’s board. He just wants more time to fix things. “I don’t think that me or anyone else could come in and snap our fingers and have these issues resolved in a quarter or half a year,” he added.

What happens next? It’s possible Congress might try and summon Zuckerberg back to D.C. to testify again about Facebook’s role in the 2016 election. It seems highly unlikely, though, that Zuckerberg’s role at Facebook will change. Not only does he have voting control over the board, and therefore his job, but Facebook’s board also issued a statement of support on Thursday backing Facebook leadership.

Regardless, Zuckerberg’s (now frequent) apologies and missteps are getting old. At the very least, it’s tough to find a great argument for why people should continue to trust the company. “I still cannot stand the ability of people to pretend that this is not all Mark Zuckerberg’s responsibility,” said Recode’s Kara Swisher on the latest episode of Pivot, Recode’s new podcast. “He’s an adult, and they’re treating him like this sort of adult boy king who doesn’t know what’s going on. It’s ridiculous. He knows exactly what’s going on.”

Sheryl Sandberg

What was reported: As I’ve now written a few times, Sandberg came out looking the worst of all Facebook’s executives from the New York Times investigation. The most damning issue with Sandberg was more implied than it was explicitly spelled out: It seemed as though she was a constant critic of Facebook’s efforts to investigate Russian election interference.

Sandberg was reportedly upset that Facebook’s security team was looking into Russian meddling without permission, and then got upset again when company executives in charge of that investigation gave too much info to Facebook’s board of directors. Sandberg also agreed that Facebook shouldn’t name Russia in its first big white paper about Russian propaganda, instead citing unspecified “malicious actors.” Sandberg was afraid naming Russia might anger Republicans, according to the Times.

How Sandberg responded: Sandberg posted to her Facebook page Thursday echoing Zuckerberg’s statements that Facebook never tried to hide info or prevent an investigation into Russian meddling. (A quick aside: When a big, powerful company really believes a publication got the story wrong, it asks for a retraction, like Apple did with a recent Bloomberg investigation.)

Sandberg also denied knowing that Facebook had hired Definers. “I did not know we hired them or about the work they were doing, but I should have,” she said.

What happens next? Sandberg’s job seems safe — at least for now. “Sheryl is doing great work for the company. She’s been a very important partner to me, and continues to be, and will continue to be,” Zuckerberg told reporters last week.

One interesting element here is whether or not Sandberg’s last few years at Facebook will come back to haunt her if she ever tried to get back into politics. It is widely believed that Sandberg, who used to work at the Treasury Department, will go back to D.C. someday. Will her role overseeing Facebook policy and Facebook’s targeted advertising business during years of crisis impact those plans?

Definers

What was reported: Facebook hired Definers, a D.C.-based public relations firm that “specialized in applying political campaign tactics to corporate public relations,” according to the Times — essentially, opposition research. Definers also worked closely with a conservative news organization called NTK, and the two organizations “share offices and staff,” the Times reported.

While Facebook was working with Definers, NTK published stories critical of some of Facebook’s biggest competitors, including Apple and its CEO Tim Cook, who has been critical of Facebook’s data policies. The Times also found that Definers reached out to reporters to share research about Diamond and Silk, conservative media personalities who have complained that Facebook restricts their free speech, and to suggest that George Soros, the wealthy Democratic donor who is often attacked by members of the far right, was bankrolling anti-Facebook protestors.

How Definers responded: Definers and NTK have both issued statements denying any kind of shady behavior. “To be clear: Definers was not hired by Facebook as an opposition research firm,” the PR firm wrote on its website. Definers claims that the vast majority of its work with Facebook involved monitoring press coverage for the company and helping manage policy announcements. “A fraction of our work with Facebook included providing research and background information about critics — both on the left and the right,” the firm claims. NTK denied working with Facebook at all.

What happens next? It’s hard to believe that Definers and NTK weren’t working together. Not only were they sharing an office, but the editor in chief listed on NTK’s website is a man named Joe Pounder. Not coincidentally, he is also listed as an employee on Definers’ website — Pounder is Definers’ president. (“Joe Pounder works with that firm, but Pounder has many separate projects,” NTK claimed.)

Facebook ended its relationship with Definers shortly after the New York Times story went live. Both Zuckerberg and Sandberg claimed they had no idea that Facebook was even working with Definers until the Times piece ran. So who hired Definers? Zuckerberg said it was someone on Facebook’s communications team.

The top communications official at the time was Elliot Schrage, who has since announced he is leaving the company. The biggest issue here is that Zuckerberg and Sandberg — primarily Sandberg, who has been much more active in overseeing Facebook’s policy strategy — were supposedly unaware of what the communications team was doing. That looks terrible.

Alex Stamos

What was reported: Stamos was Facebook’s chief security officer, and led the team that investigated Russian interference efforts before and after the 2016 election. He started looking into Russian activity on Facebook in early 2016, before Facebook’s top executives were fully aware of the problem, and was responsible for briefing Facebook’s board of directors on his efforts. His report to the board was more thorough than Sandberg would have liked, and she got angry at Stamos for over-sharing, according to the Times. Stamos was a proponent internally of sharing more info with the public earlier on than Facebook ultimately did.

How Stamos responded: Stamos has been everywhere since the story ran. He’s been tweeting about the story over the past few days. He wrote an op-ed for the Washington Post on Saturday confirming significant parts of the story. He also appeared on Recode and MSNBC’s TV show “Revolution” Sunday night.

Stamos is adamant that Facebook executives never stood in the way as he investigated Russian meddling, but admits there were disagreements about how much to reveal and when. He also said Sunday that Facebook’s growth team, the group responsible for adding new users and a team with a lot of power internally at Facebook, “are most responsible for a lot of the issues Facebook is facing.”

Stamos also defended Sandberg, who yelled at him following his detailed board presentation, and who leads a policy and communications team that is clearly more ruthless in Washington, D.C., than many realized.

“If it seems like Sheryl is careful about her public persona, perhaps it’s because she is required to put her iron fist in a velvet glove in a way never demanded of powerful men,” Stamos tweeted about criticism of Sandberg. “Judge her actions, not how she fits into your notions of female leadership.”

Alex Stamos

@alexstamos

Facebook encountered an unprecedented situation in 2016-2017. As I have said before, I was never told by Mark, Sheryl or any other executives not to investigate.

The New York Times

@nytimes

Replying to @nytimes

In one meeting, Sheryl Sandberg appeared angry that Facebook’s security chief had told the company’s board that the network hadn’t yet contained Russian disinformation.

“You threw us under the bus!” Sandberg yelled, according to people who were present. https://nyti.ms/2DDWFTC 

What happens next: Stamos is no longer at Facebook, but is still a prominent voice on tech and cybersecurity more broadly. This is certainly not the last we’ll hear from him. As the lead Facebook exec investigating this kind of activity from Russia, and a central figure in this Times story, it’s possible Stamos could also be asked to answer questions from Congress or other government agencies at some point in the future.

George Soros

What was reported: As explained above, the Definers firm that Facebook hired told reporters to look into the financial ties between Soros and anti-Facebook protestors.

How Soros responded: The president of Soros’s foundation wrote a letter to Sandberg criticizing Facebook’s media approach and requesting a meeting. “As you know, there is a concerted right-wing effort the world over to demonize Mr. Soros and his foundations, which I lead — an effort which has contributed to death threats and the delivery of a pipe bomb to Mr. Soros’ home,” the letter reads.

What happens next: Maybe Soros and Sandberg will meet.

Congress

What was reported: A number of politicians appear in the New York Times story. It was reported that Sandberg lobbied Minnesota Senator Amy Klobuchar — who was behind legislation to increase political advertising restrictions on Facebook — to back off from posting criticism about the company. Another Senator, New York’s Chuck Schumer, reportedly lobbied Virginia’s Mark Warner, one of Facebook’s most vocal critics and another sponsor alongside Klobuchar of the ad restrictions bill, to back off from criticizing Facebook as well. Schumer has raised a lot of money from Facebook employees, and has a daughter who works at the company, according to the Times.

How Congress responded: It was about how you’d expect: Everyone had something to say. Klobuchar, along with other Senators, called on the Department of Justice to investigate Facebook. Schumer claimed that he is indeed tough on Facebook. And Warner took a victory lap for the Senate Intelligence Committee, of which he is Vice Chairman. “The New York Times story reinforces the fact that, but for consistent pressure brought to bear by the Senate Intelligence Committee’s bipartisan investigation, we would still be in the dark about the extent of Russian activity on Facebook during the 2016 election,” he said.

What happens next: The story provides even more fuel to those who believe Facebook should be regulated. It seems possible, maybe even likely, that Facebook executives will be called to Washington once again to testify before Congress and answer more questions. It’s clear that nobody is happy with Facebook right now.

https://www.recode.net/2018/11/19/18099241/facebook-mark-zuckerberg-sheryl-sandberg-new-york-times-george-soros-explained

Related:

Mark Zuckerberg enters wartime mode to protect besieged Facebook

November 19, 2018

Facebook CEO Mark Zuckerberg told company leadership earlier this year that he plans to take more direct control of the social media giant in responding to scrutiny from Congress and the public, saying that the company is at war.

Zuckerberg told top employees at a June meeting that he needed to centralize decisionmaking in order to address several problems facing Facebook, the Wall Street Journal reported, an approach that has since caused some executives to leave.

The switch also has caused tension with his longtime Chief Operating Officer Sheryl Sandberg, according to the report.

Facebook Inc. has faced several issues since the 2016 presidential election, including questions over its role in allowing Facebook accounts and groups to attempt to influence elections, especially Russian bot accounts.

Earlier this year, the company also faced backlash after the Cambridge Analytica scandal, in which it was revealed that millions of users’ personal information had been compromised.

Last week, the New York Times reported that Facebook had a contract with a right-leaning public relations group that the publication claimed was attempting to link the anti-Facebook movement to Democrats, particularly liberal megadonor George Soros.

The 34-year-old CEO ended Facebook’s contract with the company, Definers Public Relations, Wednesday night, and on Thursday said that he and Sandberg were not aware of the relationship the social media company had with Definers.

The report claimed Facebook paid Definers to write articles that portrayed Facebook in a positive light. Definers released a statement Friday that indicated they were not paid to write such articles or do opposition research, but instead were hired to do media monitoring and public relations work.

The Journal’s report says that Zuckerberg expressed frustration during an employee question-and-answer session on Friday over the recent critical coverage of Facebook, calling that coverage “bullshit,” according to people familiar with the comments.

https://www.washingtonexaminer.com/policy/technology/mark-zuckerberg-enters-wartime-mode-to-protect-besieged-facebook

Related:

Largest Facebook hack ever turns up heat on Mark Zuckerberg

October 3, 2018

Mark Zuckerberg is facing a major public reckoning following the massive Facebook data breach as a cascade of crises catch up with the social media giant.

This isn’t the first time the Facebook CEO’s leadership has been questioned, but the ever-growing list of problems – Cambridge Analytica, Russian election interference, the spread of disinformation – is prompting tough new scrutiny of Zuckerberg and his management team. Attackers exploited three flaws in Facebook’s code to break into tens of millions of personal accounts.

USA TODAY
Published 12:31 p.m. ET Oct. 2, 2018 | Updated 8:05 p.m. ET Oct. 2, 2018

Tesco Bank fined £16.4m by FCA over cyber attack — Will Facebook be next?

October 1, 2018

Weak defences left customers vulnerable to ‘largely avoidable’ attack in 2016

By Caroline Binham and Martin Arnold in London

The cyber heist that stole £2.26m from customers of Tesco’s banking arm two years ago was “largely avoidable”, the UK financial watchdog said on Monday as it fined the lender £16.4m for repeated failings exposed by the incident.

Listing a catalogue of errors, including warnings that were ignored, mistakes in the code written to fix the problem and a failure to follow correct procedure, the Financial Conduct Authority imposed its first fine on a bank because of a cyber attack.

It was almost a day after the start of the cyber attack before Tesco Bank’s “fraud strategy team” took any action to address a hole in the lender’s security, despite many calls and tweets from worried customers and several internal emails raising the alarm.

Even then, it took another 24 hours before the vulnerability was fixed. Describing how “a series of errors” meant the bank wasted 21 hours before even starting to respond to the attack, the FCA said: “In the meantime, nothing had been done to stop the attack, the fraudulent transactions multiplied, calls from customers mounted and the attack continued.” However, the regulator more than halved the draft penalty of £33.6m that Tesco Bank was initially facing because it agreed to settle, co-operated fully and had already compensated customers.

The eventual £16.4m fine is the first time the FCA has penalised a company for an online fraud and reflects increased scrutiny of banks for IT failures and cyber attacks. Last month, millions of customers were locked out of their online accounts after both Barclays and Royal Bank of Scotland’s NatWest suffered IT outages.

Mark Steward, the FCA’s enforcement director, said the fine showed that it had “no tolerance for banks that fail to protect customers from foreseeable risks”. “In this case, the attack was the subject of a very specific warning that Tesco Bank did not properly address until after the attack started,” said Mr Steward. “This was too little, too late. Customers should not have been exposed to the risk at all”.

The FCA said 8,261 personal current accounts at Tesco Bank were affected by the attack — described by regulators at the time as “unprecedented” — but because the bank delayed most of the fraudulent transactions, only 34 accounts ended up being debited money*.

The bank has insisted that no customer data were lost and none of its systems were breached in the “highly sophisticated attack”. Gerry Mallon, the bank’s chief executive, said: “We are very sorry for the impact that this fraud attack had on our customers. We have significantly enhanced our security measures to ensure that our customers’ accounts have the highest levels of protection.”

The FCA said Tesco Bank “inadvertently issued debit cards with sequential PAN numbers” — the long numbers across the front of debit cards — which made it easier for hackers to find the next number in the sequence. The bank also configured its transaction authorisation system so that it only checked if the debit card expiry date was in the future rather than checking for an exact date.

A year before the attack, Visa had warned its members, including Tesco Bank, about the type of fraud that it subsequently suffered happening in Brazil and the US. But Tesco Bank only put a block on such transactions on its credit cards, not its debit cards.

When the attack — mainly in the form of fraudulent Brazilian point of sale transactions — started at 2am on Saturday November 5 2016, it took two hours before Tesco Bank started sending automated messages to customers asking them to call its fraud hotline.

Because the financial crime operations team emailed the fraud strategy team instead of calling them as per the correct procedure at weekends, their emails were ignored. When the fraud strategy team was finally alerted, a mistake in the code they wrote to fix the security flaw — using the euro currency code instead of the Brazil country code — meant tens of thousands more fraudulent transactions happened.

Several hours later, the bank brought in external fraud experts who spotted a flaw in the way Tesco Bank’s authorisation system was configured, which had allowed fraudulent transactions to escape detection.

This was blocked at 3:35am on Monday, November 7 2016.

*This post has been amended to correct the final tally.

https://www.ft.com/content/9001485c-c551-11e8-bc21-54264d1c4647
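The two authorisation failures the FCA describes in the Tesco Bank case, modelled as an added example (not code from the FCA, Tesco Bank or the article): an expiry check that accepts any future date beside one that requires the issued date, and a block rule keyed on the euro currency code beside one keyed on the Brazil country code, with a replay check that would catch the mistaken rule before deployment. The rule format, field names, card number and sample transactions are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# ISO 3166-1 numeric country code for Brazil; ISO 4217 numeric currency codes.
BRAZIL_COUNTRY = "076"
EURO_CURRENCY = "978"
REAL_CURRENCY = "986"


@dataclass(frozen=True)
class AuthRequest:
    pan: str
    expiry: tuple          # (year, month) as presented with the transaction
    merchant_country: str  # ISO 3166-1 numeric
    currency: str          # ISO 4217 numeric


@dataclass(frozen=True)
class BlockRule:
    """Hypothetical rule format: decline when one request field equals a value."""
    field: str
    value: str

    def matches(self, req):
        return getattr(req, self.field) == self.value


# Constructed issuer file: PAN -> expiry actually issued for that card.
ISSUER_FILE = {"9999990000000001": (2019, 8)}

# The rule the fix needed, and one way the mix-up the article reports could look.
INTENDED_RULE = BlockRule("merchant_country", BRAZIL_COUNTRY)
MISTAKEN_RULE = BlockRule("currency", EURO_CURRENCY)


def expiry_ok_weak(req, today):
    # Weak setting: any expiry that has not passed yet is accepted.
    return req.expiry >= (today.year, today.month)


def expiry_ok_strict(req, issuer_file):
    # Corrected setting: the expiry must equal the one on the issuer's record.
    return issuer_file.get(req.pan) == req.expiry


def authorise(req, rules, strict_expiry, today, issuer_file=ISSUER_FILE):
    """Return an approve/decline decision string for one request."""
    if any(rule.matches(req) for rule in rules):
        return "DECLINE:blocked_by_rule"
    if req.pan not in issuer_file:
        return "DECLINE:unknown_pan"
    if strict_expiry:
        ok = expiry_ok_strict(req, issuer_file)
    else:
        ok = expiry_ok_weak(req, today)
    return "APPROVE" if ok else "DECLINE:expiry_mismatch"


def rule_coverage(rule, confirmed_fraud):
    """Share of already-confirmed fraudulent requests that a rule would block.

    Replaying a new rule over known-bad traffic before deploying it shows
    immediately when the rule keys on the wrong field or code.
    """
    if not confirmed_fraud:
        return 0.0
    return sum(rule.matches(r) for r in confirmed_fraud) / len(confirmed_fraud)


# Constructed samples: Brazilian transactions whose expiry is in the future
# but is not the expiry on the issuer's record.
TODAY = date(2016, 11, 5)
FRAUD_SAMPLES = [
    AuthRequest("9999990000000001", (2021, 1), BRAZIL_COUNTRY, REAL_CURRENCY),
    AuthRequest("9999990000000001", (2018, 3), BRAZIL_COUNTRY, REAL_CURRENCY),
]


def decisions(rules, strict_expiry):
    return [authorise(r, rules, strict_expiry, TODAY) for r in FRAUD_SAMPLES]


if __name__ == "__main__":
    print("weak expiry, no rule:      ", decisions([], False))
    print("weak expiry, mistaken rule:", decisions([MISTAKEN_RULE], False))
    print("weak expiry, intended rule:", decisions([INTENDED_RULE], False))
    print("strict expiry, no rule:    ", decisions([], True))
    print("coverage mistaken/intended:",
          rule_coverage(MISTAKEN_RULE, FRAUD_SAMPLES),
          rule_coverage(INTENDED_RULE, FRAUD_SAMPLES))
```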

Related:

Facebook Could Be Fined $1.63 Billion by European Privacy Regulators Over Latest Data Breach

October 1, 2018

European privacy regulators are considering imposing up to $1.63 billion in fines over Facebook’s latest data breach, which exposed the data of at least 50 million user accounts, according to reporting by the Wall Street Journal on Sunday. The data breach, which was revealed Friday, is a major black eye for the social network, as it impacted users who used the site’s popular “View As” feature, a privacy tool that lets users see how their Facebook profile page looks to visitors, including people who they are not ‘friends’ with on the site.

According to the Journal, Facebook’s lead European privacy regulator, Ireland’s Data Protection Commission (DPC), wants more details from the social network about the data breach’s scope, including information on EU users that were impacted. The DPC said in an email to the Journal that it is “concerned at the fact that this breach was discovered on Tuesday and affects many millions of user accounts but Facebook is unable to clarify the nature of the breach and the risk for users at this point.” The DPC has also posted updates about its inquiry to its Twitter account:

Data Protection Commission Ireland

@DPCIreland

.@DPCIreland is awaiting from Facebook further urgent details of the security breach impacting some 50m users, including details of EU users which have been affected, so that we can properly assess the nature of the breach and risk to users.

Věra Jourová

@VeraJourova

At least 50mln #Facebook users were compromised in the huge security breach. I urge Facebook to fully cooperate with @DPCIreland. We need to know if EU users were affected and what had happened to their data. Here a reminder about the obligations of biz https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/what-data-breach-and-what-do-we-have-do-case-data-breach_en 

According to Facebook, users’ passwords were not revealed in the data breach, though impacted accounts did have to re-log into the social network on Friday. Here’s how to tell if your account was impacted by Facebook’s data breach, if you’re unsure.

In response to the Journal’s report, a Facebook spokeswoman said Sunday that the company will answer the DPC’s questions, as well as provide regulators with further updates.

This issue is unlikely to go away soon for Facebook, as Europe’s General Data Protection Regulation is much more stringent than U.S. privacy requirements.

http://fortune.com/2018/09/30/facebook-data-breach-fine-european-privacy-gdpr-eu/

Facebook could face $1.6B fine in Europe over data breach: WSJ

October 1, 2018

A European Union privacy watchdog could fine Facebook (NASDAQ:FB) up to $1.63B for a data breach reported on Friday that affected accounts of more than 50M users, if the company violated the EU’s new privacy law, the Wall Street Journal reports.

Ireland’s Data Protection Commission demanded more information from Facebook about the scope and nature of the breach, including which EU residents might be affected.

The regulator said it was concerned that Facebook was unable to clarify the nature of the breach and the risk for users.

Previously: Facebook -2.6% after disclosing security problem (Sept. 28)