In a statement issued in early April 2021, the Office for Personal Data Protection announced an investigation by the Irish supervisory authority (Data Protection Commission) into the data breach involving 533 million Facebook users, including approximately 2.7 million Polish users. The published data includes names, phone numbers, email addresses, dates of birth, gender, marital status, occupation, and place of residence.
In early 2020, a currently unknown perpetrator exploited a vulnerability that allowed the display of the phone number associated with every Facebook account, creating a database containing information on 533 million users from all countries. In January 2021, a hacker, using a bot on the Telegram messenger, released the database, allowing anyone interested to use the private data stored there for a small fee.
Facebook Ireland Ltd, based in Ireland, is responsible for the social networking service in Europe. Therefore, the Data Protection Commission, the equivalent of the Polish Office for Personal Data Protection, is the competent authority to handle this case. Pursuant to the provisions of Chapter VII of the GDPR, and in particular Article 60(1) of the GDPR, the Data Protection Commission, as the lead authority, is obligated to cooperate with the authorities involved in the case. The Polish supervisory authority is involved in several cross-border proceedings against Facebook.
Leaked data is an ideal tool for identity theft or for breaching bank security. Pay particular attention when an unknown caller tries to make the contact appear authentic by citing parts of your personal data, such as your date of birth. Fraudsters can use email addresses, phone numbers, names, dates of birth, or any other data shared via the service to impersonate a bank, mobile network operator, courier, energy company representative, or government office. The most common method involves enticing an unsuspecting target to click a link leading to a specially crafted website where the victim makes a payment, provides credit card information, or shares bank account login details (phishing).
If you notice an unauthorized payment transaction on your account, you should immediately report the issue to your bank and request a refund. At the same time, you should report the suspected crime to the nearest police station. You can check whether your email or phone number was exposed in this or other data breaches at https://haveibeenpwned.com/. According to the website's terms and conditions, data entered while using the search engine is not stored anywhere.
The internet, and particularly social media, is now a common way to conduct business and communicate with selected institutions. Facebook can be used to log into many different applications, including those that require sharing sensitive data (such as Uber). Therefore, it's important to use strong passwords, preferably a different one for each site, and to use only trusted devices and internet connections. Instead of logging into bank accounts via a browser, it's safer to use a banking app with multi-factor authentication.
