Google made data breach ‘infinitely worse’ by covering it up

Google’s failure to publicly disclose a security bug it discovered in March that allowed third-party app developers to access the personal information of social network Google+ users who had granted permission, and their friends, made the problem significantly worse, according to Judge Andrew Napolitano.

Continue Reading Below

“By not revealing it, by thinking they could get away with it, by thinking they could repair it before the customer finds out, they made it infinitely worse,” Napolitano said on Tuesday during an interview with FOX Business’ Charles Payne. “It’s like the cover-up is worse than the crime.”

Although the tech giant patched the problem -- which first started in 2015 -- it chose to not disclose the breach to the nearly 500,000 users who potentially had their full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status exposed. Google later said there was no evidence the third-party vendors had misused the information.

In an internal memo obtained by The Wall Street Journal, Google policy and legal officials wrote that disclosure would likely result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica Scandal.” They also argued that disclosure would likely invite “immediate regulatory interest.”

Google announced after the Journal published the report that it will shut down consumer access to Google+ and increase privacy protections for third-party apps.

“There’s no kind of statute that says the minute you’re hacked you have to tell your customers,” Napolitano said. “But there’s a common sense that if a customer was hacked and harmed and sued Google, because Google didn’t tell them, the jury is going to award a substantial verdict to the customer. So does Google have an obligation to inform the customer? Does AT&T? Does Chase? Does anybody that’s been hacked? Yes, absolutely.”

Napolitano said Google made the situation worse for themselves because although the breach didn’t affect “that many people,” the lack of transparency will “explode in their faces.”

“And in my opinion, rightly so,” he said.