Last Friday, Facebook (NASDAQ: FB) announced that hackers had gained access to over 50 million user accounts in one of the largest data breaches in history. In what security experts now refer to as a “disaster”, hackers exploited a series of bugs to bypass profile security layers – allowing them to access any of the compromised accounts and private messages. Worse still, people who used their Facebook login to access other services (like Instagram and Spotify among others) were put at even greater risk of fraudulent activity, as hackers could now access those websites and apps with stolen Facebook login information.
In response, Facebook automatically logged out 90 million accounts to prevent any further leaks in the system, but by then the damage had already been done. For avid Facebook users (or rely on their profile to make a living), the data breach could have potentially been devastating – both emotionally and economically.
So much so, that a top British law firm actually thinks that users affected by the hack may be entitled to compensation – almost $8,000 based on recent estimates.
In an interview with a British newspaper, Gareth Pope, who serves as the head of group litigation at Slater and Gordon, said that newly created General Data Protection Regulation (GDPR) rules in the European Union have opened the door to a potential lawsuit against Facebook:
“There are certain rules – one of those is the security principle,” remarked Pope, “which means Facebook has to secure your data with appropriate technical and organizational measures.”
Due to the GDPR rules being so ambiguous in nature, Pope claims that Facebook could be bested in a class action lawsuit from multiple angles, as it has repeatedly displayed negligent behavior when it comes to protecting user data.
“If you have left a laptop on the train without a password then that’s not secured data,” explained Pope, taking the social media giant to task, “If you have left open the doors of your system to hackers then you have also not secured your data.”
Pope specifically cited Article 82 of the GDPR rules (that went into effect earlier this year), which entitles “any person who has suffered material or non-material damage as a result of an infringement of [GDPR]” to compensation, unless the violator (in this case, Facebook) can prove that they aren’t at fault.
So, are they?
As it turns out, the original bugs that allowed hackers access to user profiles were originally generated in a July 2017 platform update, that enabled a new video upload function for users. There were three separate bugs in total, that when combined created a major vulnerability in Facebook’s code.
Even though it wasn’t intentional, Facebook’s inability to squash bugs in the July 2017 update ultimately allowed the breach to happen, and many courts across the globe would find Zuckerberg and co. responsible in some way or another.
However, that’s if a class action lawsuit would even make it to court in the first place.
“They may, as some sort of commercial decision, want to offer some sort of compensation, as a gesture of good will,” said Pope, “They may compensate these people, and tie that up into a settlement agreement so they’re not sued in the future.”
Even though Facebook enjoys nearly unlimited resources (and that extends to their corporate attorneys), a settlement would likely be cheaper for the company in the long run, in comparison to a drawn-out legal battle that Pope believes they would inevitably lose – regardless of how eloquent their defense is.
But according to Pope, finding someone to fund a lawsuit may be a challenge:
“It’s more complex than saying ‘yes, it’s a winnable’ case. We would obviously need to work out how the claim was funded, we’d need a litigation funder.
We wouldn’t expect claimants would want to pay us to run the claim for probably only £4-, 5-, 6,000 worth of compensation. We’d also need an insurance policy so clients wouldn’t have to pay Facebook’s legal costs if we lose.”
So, could you be expecting a check in the mail for almost $8,000 if your Facebook account was hacked? Possibly – but probably not, unless a wealthy suitor with a penchant for revenge decides to pay for a class action lawsuit.
But even if Facebook doesn’t end up getting sued over the data breach, it could still have dire long-term effects for the company – especially since its disastrous earnings report in July 2018, where the company announced a decline in new users for the first time ever, has kicked off a downwards spiral for share prices.
If anything, this recent hack will only intensify anxiety among Facebook’s userbase, further turning people away from the social media platform.
Facebook bulls could have many dark days ahead, as share prices continue to drop even without the announcement of a new full-blown scandal and potential lawsuit exposure on the horizon.
Will Zuckerberg’s company recover? Only time will tell – but if FB shares are going to make a run back to the top, it would certainly help to stay out of the spotlight until this all blows over…
…Until the next news cycle, at least.