DUBLIN: Ireland’s data protection authority launched an investigation into Facebook Wednesday, bringing stringent new European privacy laws to bear on the tech titan after a security breach exposed 50 million accounts.
The move comes after the social media firm admitted to the data breach in a blog post last Friday, saying attackers exploited a vulnerability in the website’s code in September in a way that could have given them access to people’s accounts.
“The Irish Data Protection Commission (DPC) has today, 3 October 2018, commenced an investigation… into the Facebook data breach,” a DPC spokesman said in a statement.
“In particular, the investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation (GDPR) to implement appropriate technical and organizational measures to ensure the security and safeguarding of the personal data it processes.”
The Irish probe has been touted as the first major test of the reformed European regulation which came into effect in May.
GDPR gives regulators sweeping powers to sanction organizations which fail to adhere to heightened standards of security when processing personal data.
Firms can be fined up to four percent of annual global turnover if they fail to abide by the rules — meaning Facebook faces a theoretical fine of 1.4 billion euros ($1.6 billion), based on its 2017 annual revenue of 35.2 billion euros ($40.6 billion).
But on Tuesday the EU’s top data privacy official said the social media giant is unlikely to face the maximum penalty because it had adhered to rules requiring notification of the data breach within 72 hours.
This “is one of the factors which might result in lower sanctions”, EU Justice and Consumer Affairs Commissioner Vera Jourova told AFP in Luxembourg.
“But this is only theoretical”, she added.
Facebook declined to comment when approached by AFP prior to the announcement of the investigation.
In its post on Friday Facebook said the data breach happened on September 25.
“This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts,” VP of Product Management Guy Rosen wrote.
“We have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based.”
On Monday, Ireland’s DPC said staff believes that of the total profiles potentially impacted, less than 10 percent are EU accounts.
Facebook — which has established its international headquarters in Ireland – is already suffering from a tainted reputation on data security following the Cambridge Analytica (CA) scandal.
In that case, tens of millions of users had their personal data hijacked by CA, a political firm working for Donald Trump in 2016.
Facebook says data breach affected 29 million users
Cyber attackers stole data from 29 million Facebook accounts using an automated program that moved from one friend to the next, Facebook Inc (FB.O) announced as the social media company said its largest-ever data theft hit fewer than the 50 million profiles it initially reported.
The company said it would message affected users over the coming days to tell them what type of information had been accessed in the attack.
The breach has left users more vulnerable to targeted phishing attacks and could deepen unease about posting to a service whose privacy, moderation and security practices have been called into question by a series of scandals, cybersecurity experts and financial analysts said.
The attackers took profile details such as birth dates, employers, education history, religious preference, types of devices used, pages followed and recent searches and location check-ins from 14 million users.
For the other 15 million users, the breach was restricted to name and contact details. In addition, attackers could see the posts and lists of friends and groups of about 400,000 users.
Lawmakers and investors have grown more concerned that Facebook is not doing enough to safeguard data. Facebook cut the number of affected users from its original estimate after investigators reviewed activity on accounts that may have been affected. Still, cybersecurity experts warned that attackers could use stolen information in targeted phishing scams.
Facebook said it was continuing to investigate whether the attackers took actions beyond stealing data, such as posting from accounts but had not found additional misuse. Hackers did not steal personal messages or financial data and did not use their access to accounts to access users’ accounts on other websites, Facebook said.
Jetliner lands in the US after world’s longest flight
NEW YORK: An Airbus jetliner arrived in Newark on Friday after a nearly 18-hour trip from Singapore, completing the world’s longest commercial flight.
It marked the revival of a route that had been eliminated in 2013. Singapore Airlines Flight SQ22 arrived at 5:29 am (0929 GMT), having left Singapore’s Changi airport at 11:23 pm, the Newark Liberty International Airport website said. That made for a flight of 17 hours and 52 minutes. The flight had been scheduled to take 18 hours and 25 minutes.
The plane was carrying 150 passengers and 17 crew members as it traveled 10,250 miles (16,500 kilometers). “I feel perfectly well rested,” said Kristopher Alladin, a 37-year-old Canadian. “I’m lucky because I’m able to sleep on the plane.” Flying from New York to Singapore would be a longer journey, lasting an estimated 18 hours and 45 minutes. The first flight in that direction took off from Newark at 11:10 am Friday.
Singapore Airlines only offers premium economy and business seats on the flight – no regular economy seats. “Although you’re in premium eco, you feel like you’re in first class,” said Alladin, adding that he had taken the same flight in 2008. “The flight was very smooth, very quiet.”
Air India jet hits wall on takeoff
NEW DELHI: Air India today grounded two pilots after one of its jets carrying 136 people hit an airport perimeter wall on takeoff and then flew for almost four hours with a damaged body, officials said.
The Boeing 737 suffered the damage as it left Trichy in southern India bound for Dubai. Officials at the airport in Tamil Nadu state “observed that aircraft might have come in contact with the airport perimeter wall,” said an Air India statement.
“The matter was conveyed to the pilot in command. The pilot in command reported that the aircraft systems were operating normally. It was decided to divert the aircraft to Mumbai as a precautionary measure.”
The jet landed in Mumbai four hours later and pictures of the damaged aircraft went viral on social media soon after it landed safely. The 130 passengers were moved to a new flight to Dubai.