September 30, 2018 at 11:14AM Forbes Facebook Faces Class Action Over Security Breach That Affected 50 Million Users
Raise your hand if you were among the millions of Facebook users who were suddenly logged out of your account this past week.
Yep, my hand is up, and if yours is, too, you should be interested in a class action suit filed in California on behalf of the 50 million users whose personal information or PII, including “names, email address, recovery email accounts, telephone numbers, birthdates, passwords, and security question answers,” was exposed.
The class action lawsuit, filed by lead plaintiffs Carla Echavarria and Derrick Walker in the U.S. District Court for the Northern District of California, alleges that a flaw in Facebook’s code and its “grossly inadequate” security measures have made affected users more susceptible to identify theft. More specifically, the complaint claims that the security breach “allowed hackers and other nefarious users to take over user accounts and siphon off Personal Information for unsavory and illegal purposes.”
The suit seeks to represent “[a]ll persons who registered for Facebook accounts in the United States and whose PII was accessed, compromised, or stolen from Facebook in the September 2018 Data Breach.”
According to the plaintiffs, Facebook was on notice of its security flaws since at least March 2018 when the Cambridge Analytica data scandal "came to light, exposing Facebook’s lax and inadequate approach to data security.”
The complaint further scolded Facebook for allegedly failing to “protect Plaintiffs or the Class or warn them about the security problems, and, instead, openly represented to Congress and foreign governments that Facebook was dedicated to the highest and most advance [sic] security practices and protocols.”
This massive breach is among the worst in Facebook’s history, though the company still hasn’t said who hacked into the system or the extent of damage the hacker may have done. Via its blog, Facebook did notify users of the breach and the remedial measures it had taken as of September 28, including fixing “the vulnerability,” informing law enforcement, resetting the “access tokens” of affected accounts — which, if you were logged out unexpectedly, may explain why — and disabling the “View As” feature, which the company believes was the hacking point.
In response to the security breach, Senator John Warner (R-VA) quickly released a statement urging Congress to “take action to protect the privacy and security of social media users.” Warner, who is the Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, declared “the era of the Wild West in social media” to be “over.”
The lawsuit alleges unlawful business practices, deceit by concealment and negligence as well as a violation of California’s Customer Records Act. As relief, the plaintiffs are seeking the usual things such as statutory damages, penalties, punitive damages and attorneys’ fees. They are asking that Facebook provide credit monitoring services.
In other words, if yours was one of the affected Facebook accounts, this is a class action suit you should keep an eye on.