Thanks to Europe’s new General Data Protection Regulation, Facebook’s most recent security blunder could end up earning you a bit of money. If you’re located in Europe, the hack that left 50 million users exposed can result in monetary awards of as much as $7,800. According to a report in The Sun, legal experts say that if you can prove that you’ve been distressed as a result of the hack, you could be owed thousands of dollars in compensation.
According to GDPR rules, Facebook has an obligation to properly secure the data of its users. Facebook users can file “a claim for compensation against Facebook if they have suffered material or non-material damage,” according to Article 82 of GDPR. Because of how broad the law is, users don’t have to prove financial loss to file a claim against the social network, attorney Gareth Pope of U.K. law firm Slater and Gordon told The Sun. “You could say ‘hackers gained control of my Facebook account, that has caused me some sort of distress’, and that is now enough,” he said.
At this point, it’s still unclear what amount, if any, a court in the U.K. or Europe would award to victims of the breach. Distress, according to Pope, could result in awards in the thousands for each victim, but if you suffered any injury or harm resulting from the breach, the amount could be higher.
The hack occurred as a result of a flaw in Facebook’s code that allowed hackers to exploit compromised tokens, which allow users to remain logged in to their accounts, in order to access a user’s Facebook profile, including photos and private messages. Facebook discovered the flaw and announced last month that the vulnerability had been patched. As a security precaution, it also forcibly logged off 90 million users; those who were logged off by the network could log in with their own credentials to regain access to the social network.
In addition to potentially being forced to provide monetary compensation to its users in Europe, Facebook faces a number of stiff fines and a class-action lawsuit in California. The Irish Data Protection Commission launched a formal investigation into Facebook’s data breach, and it is working with Facebook to learn more about what happened. If Facebook was negligent in providing proper data protection, GDPR could allow regulators to impose a fine of up to four percent of the company’s annual revenue. In this case, that amounts to a whopping $4 billion. Facebook may become one of the first tests of GDPR.
In the United States, the Federal Trade Commission (FTC) is also investigating the breach. Facebook also faces a class-action suit that was filed in the U.S. District Court for Northern California. Facebook has not revealed any additional investigation into the breach. When it announced the breach last month, the social network said that it was only in the early stages of its investigation and that law enforcement had been notified.