Facebook users urged to sue platform over 500m person data leak

Facebook users who saw their personal data leaked on a hacker forum this month have been urged to join a mass legal action against the tech giant. 

A rights group based in Ireland, which is the site of Facebook’s European headquarters, is attempting to rally EU citizens who were affected by the privacy breach to sign up to its campaign to sue Facebook for damages. 

Non-profit group, Digital Rights Ireland, which wants to take a mass-action to the Irish courts, says the breach might mean that users involved could receive more nuisance calls. 

“Previously this file was for sale on the dark web, trading quietly but now it’s available for free…. so lots of people are going to have this file,” said DRI’s Antoin O Lachtnain on RTE Radio. 

DRI is asking people who want to join the case to make a financial contribution to the case of around £50 – £100. 

The prospect of having to pay out to a large group of people “gives a company like Facebook the incentive not to do this again”, O Lachtnain added. 

Personal data, including phone numbers, email addresses, dates of birth and employers names, belonging to around 500 million people from 106 countries was published on a hacking forum earlier in April, although the data had been taken from Facebook years earlier.

The feature that was used to scrape the data was changed in 2019 after Facebook was made aware it was being abused.

The Irish Data Protection Commission said it would launch an investigation into the leak “to determine whether Facebook Ireland has complied with its obligations, as data controller”.   

Firms found in breach of Europe’s data protection law, the GDPR, face fines of up to 4pc of their annual global turnover.  

However Facebook has previously denied wrong doing because the data was not stolen from a hacker breaking into Facebook systems. Instead, it was taken from information that users made publicly visible themselves.    

“We understand people’s concerns, which is why we continue to strengthen our systems to make scraping from Facebook without our permission more difficult and go after the people behind it,” a Facebook spokesperson said.

“As LinkedIn and Clubhouse have shown, no company can completely eliminate scraping or prevent data sets like these from appearing. That’s why we devote substantial resources to combat it and will continue to build out our capabilities to help stay ahead of this challenge.”