Facebook could face massive fine in Europe after data breach

Facebook faces a potentially massive fine in Europe after a serious data breach exposed the accounts of more than 50 million users, according to a report on Tuesday.

Continue Reading Below

The European Union enacted the General Data Protection Regulation, or GDPR, last May to establish strict guidelines for how companies can use and store consumers’ personal data. Companies are required to adhere to strict guidelines and to disclose any data breaches impacting consumers within 72 hours.

If European regulators determine Facebook did not do enough to protect its users’ data, the social media giant could face a fine of up to 4 percent of its annual revenue, according to the Wall Street Journal. In Facebook’s case, that would amount to as much as $1.63 billion.

“People’s privacy and security is incredibly important, and we’re sorry this happened,” Facebook vice president Guy Rosen said in a blog post about the breach. “It’s why we’ve taken immediate action to secure these accounts and let users know what happened.”

Facebook said it has yet to determine who is responsible for a hack that allowed unauthorized access to “digital tokens” linked to user accounts. By gaining control of digital tokens, the hackers would have been able to access accounts as if they were the actual account owner.

Ireland’s Data Protection Commission, a key European watchdog, said less than 10 percent of the 50 million accounts impacted by the breach were located in the European Union.

“We’re working with regulators including the Irish Data Protection Commission to share preliminary data about Friday’s security issue,” Facebook said in a statement. “As we work to confirm the location of those potentially affected, we plan to release further info soon.”

Under GDPR rules, failure to disclose a data breach within 72 hours carries a separate fine of as much as 2 percent of annual revenue.