In August of 2019, Facebook was the victim of a data breach that compromised information from 533 million people from 106 different countries. Why is this in the news now? Because the breach was addressed in a recent email from Facebook management, and that email was accidentally sent to a Belgium-based news outlet and, in that email, they don’t seem too concerned.
The information that was stolen included phone numbers, Facebook IDs, full names, birthdates, location information, biographical information, and even some email addresses. But Facebook feels that this didn’t need to be relayed to users, and they don’t plan on changing their minds about it. In fact, the email indicates that they are looking to normalize this type of incident.
It was part of a feature that no longer exists, they fixed the issue, and users couldn’t fix it themselves anyway. With doubt around whether or not users would even be successfully notified, they didn’t feel that there was a way to ensure the situation was remedied any further. As they seem to see it, they had already addressed it on their end, and there was nothing that could really be done by the general public. Seems like a “hey, what can you do, it’s going to happen” kind of response and they said as much in a blog post.
Yes, data breaches are so common now, we’ve no longer become phased when a large breach hits the headlines. That in itself is a problem, but when we stop reporting on it altogether, that makes it even worse. Are we admitting defeat? Or are we just saying that we’re ok living with it? Neither answer should be acceptable, and businesses should not be able to say that it is ok to be a part of their problem because it is just a “normal occurrence”.
How did Facebook react when the email was discovered? They confirmed it was genuine and told the BBC: “We understand people’s concerns, which is why we continue to strengthen our systems to make scraping from Facebook without our permission more difficult and go after the people behind it.” The spokesperson later added that LinkedIn and Clubhouse had also faced “data scraping” issues.
But that doesn’t mean it is ok! We need to continually work together to ensure that our personal and professional information is protected through safe cybersecurity practices. It isn’t something that we see as negotiable, especially when the statistics show how likely a small business is to not survive a data breach.
Yes, data breaches are being normalized, but that doesn’t mean that we need to accept that as the new normal.
Contact us today to set up a technology audit to see if you’re in compliance with the NYS SHIELD Act, as well as to ensure you’re doing all you can to protect your company’s data.