[BreachExchange] Facebook Must Face Lawsuit Over 29 Million-User Data Breach
Destry Winant
destry at riskbasedsecurity.com
Tue Jun 25 03:56:18 EDT 2019
https://www.bloomberg.com/news/articles/2019-06-24/facebook-must-face-lawsuit-over-29-million-user-data-breach
Facebook Inc. failed to fend off a lawsuit over a data breach that
affected nearly 30 million users, one of several privacy snafus that
have put the company under siege.
The company’s disclosure in September that hackers exploited several
software bugs to obtain login access to accounts was tagged as
Facebook’s worst security breachever. An initial estimate that as many
as 50 million accounts were affected was scaled back weeks later.
A federal appeals court in San Francisco on June 21 rejected the
company’s request to block the lawsuit, saying claims against Facebook
can proceed for negligence and for failing to secure users’ data as
promised. Discovery should move "with alacrity" for a trial, U.S.
District Judge William Alsup said in his ruling. He dismissed
breach-of-contract and breach-of-confidence claims due to liability
limitations. Plaintiffs can seek to amend their cases by July 18.
“From a policy standpoint, to hold that Facebook has no duty of care
here ‘would create perverse incentives for businesses who profit off
the use of consumers’ personal data to turn a blind eye and ignore
known security risks,”’ Judge Alsup said, citing a decision a separate
case.
The world’s largest social network portrayed itself as the victim of a
sophisticated cyber-attack and argued that it isn’t liable for thieves
gaining access to user names and contact information. The company said
attackers failed to get more sensitive information, including credit
card numbers and passwords, saving users from any real harm.
Attorneys for users called that argument “cynical,” saying in a court
filing that Facebook has ”abdicated all accountability” while ”seeking
to avoid all liability” for the data breach despite Chief Executive
Officer Mark Zuckerberg’s promise that the company would learn from
its lapses. The case was filed in San Francisco federal court as a
class action.
Facebook didn’t immediately respond to a request for comment.
The Menlo Park, California-based company faces a slew of lawsuits and
regulatory probes of its privacy practices after revelations in early
2018 that it allowed the personal data of tens of millions of users to
be shared with political consultancy Cambridge Analytica. As lawmakers
have focused greater scrutiny on the company, Zuckerberg in March
called for new global regulations governing the internet, including
rules for privacy safeguards.
The case is Echavarria v. Facebook Inc., 3:18-cv-05982 , U.S. District
Court, Northern District of California (San Francisco).
More information about the BreachExchange
mailing list