Ireland’s data commissioner to investigate Facebook cyber attack

Helen Dixon’s inquiry could expose firm to huge fines for data breaches

Facebook users have been warned to be vigilant after it emerged the tech giant had suffered a security breach affecting 50 million users. Photograph: Niall Carson/ PA Wire

Facebook users have been warned to be vigilant after it emerged the tech giant had suffered a security breach affecting 50 million users. Photograph: Niall Carson/ PA Wire

 

Ireland’s data commissioner is expected to formally open an investigation later this week into the circumstances of the cyber attack that allowed hackers to access up to 50 million Facebook accounts.

The investigation of Facebook is likely to be undertaken by Helen Dixon under new EU rules, which could expose the company to huge fines for serious data breaches.

The world’s largest social network disclosed on Friday that hackers had stolen “keys” that allowed them to access up to 50 million user accounts. Less than 10 per cent of the users potentially affected were in the EU, according to the Irish data commission.

Facebook has chosen the Irish national regulator as a “one-stop shop” for data oversight under the EU’s new General Data Protection Regulation (GDPR), which came into force in May.

A spokesman for Irish Data Protection Commission said on Tuesday: “Before we would launch any investigation, there are steps that would have to be taken in relation to information gathering and preparing the scope of an inquiry.

“Furthermore, we would need to establish under which provisions of the Data Protection Act 2018 we would conduct it. We are currently engaged in those steps,” he added.

Important test

Data experts believe an inquiry is inevitable, with any investigation seen as an important test for Ms Dixon’s office under GDPR. Liam McKenna, a partner at Mazars accountants in Dublin, said the Facebook breach was a “very significant” event, and Ms Dixon was “under pressure to be seen to respond”.

Under GDPR, she has the power to impose fines of up to 4 per cent of a company’s global turnover for the most serious data breaches. Facebook’s turnover in 2017 was $40.65 billion (€35.2 billion).

While Facebook had been quick to alert it of the breach, the regulator said notification “lacked detail”. The commission expressed concern that the company was unable to clarify the nature of the breach and the risks it had posed to users.

“What’s not clear is who are these people. What data did they get? And what are they going to do with it?” Mr McKenna said. “If that’s a bad story, then you would expect there to be consequences for Facebook. But we don’t know yet if that’s the case. – Additional reporting: FT