Facebook may face $1.6bn fine over photo security breach
FACEBOOK could face a fine of over $1.6bn (£1.27bn) after a glitch exposed the personal photos of almost 7m users.
The Irish Data Protection Commission (DPC) said it had opened an inquiry into the security breach, which included images that users had never shared on the social network.
Under EU data laws, it could mean a fine equal to 4pc of annual revenue if regulators determine Facebook did not do enough to prevent it.
The inquiry will also encompass a security breach announced in October that gave hackers total control of 30m users’ accounts.
It is the latest in a litany of privacy issues involving the company this year, which started with the Cambridge Analytica scandal in March.
“We’re sorry this happened,” said Tomer Bar, an engineering director at Facebook, in an official blog post, adding that the company would work to find out who was affected and to delete their photos from other companies’ systems.
The problem was caused by a glitch in an update to Facebook’s tools for third-party developers, which allow other apps to connect to Facebook and use its data if users consent.
But while these apps are supposed to have access to photos that users have posted on their Facebook timelines, the update wrongly gave wider access to 876 other companies during a 12-day window in September.
Facebook became aware of the bug in September and fixed it, but did not report it to the DPC until Nov 22. GDPR requires any breach of personal data to be disclosed within 72 hours.
The company declined to comment on how many people had been affected in the UK.