From AG Mark Herring’s office – nice job!
IN RESPONSE TO AG HERRING’S REQUEST, FACEBOOK REVEALS 1.7 MILLION VIRGINIANS AFFECTED BY REPORTED MISUSE OF PERSONAL DATA
~ In March 26 letter, Herring and fellow state AGs requested information on the scale of the incident and Facebook’s privacy and data security practices ~
RICHMOND (May 2, 2018
) – In response to a demand for information from Attorney General Mark R. Herring, Facebook has revealed that up to 1.7 million Virginians, or approximately 20% of all Virginians, may have been impacted by the alleged privacy breach that has recently come to light. According to Facebook, approximately 7,100 users in Virginia downloaded the third-party application at issue, potentially exposing the private information of up to 1.7 million friends of those users. The information was provided in response to a letter Attorney General Herring sent Facebook CEO Mark Zuckerberg on March 26
demanding information about the number of potentially affected Virginians and about Facebook’s privacy policies and data security practices.
“While we continue to await a fuller explanation about this incident from Facebook and its leadership, an important first step is getting our arms around the scale of the exposure,” said Attorney General Herring. “The fact that one in five Virginians may have had their personal information shared without permission is extremely troubling. I’d encourage all Virginians to take this opportunity to review their privacy settings and make sure they understand just what they may be sharing with Facebook and other social media platforms.”
According to Facebook:
- 7,103 Virginia users installed the application
- 1,702,732 friends of those users had their information potentially exposed
- 1,709,835 total Virginians may have had their information potentially exposed
Attorney General Herring was one of a bipartisan group of 37 state attorneys general who wrote Facebook with specific questions
about the incident and Facebook’s privacy and data protection policies, including:
- How many users in the states of the signatory Attorneys General were impacted?
- Were terms of service clear and understandable?
- How did Facebook monitor what developers did with the data that they collected?
- What type of controls did Facebook have over the data given to developers?
- Did Facebook have protective safeguards in place, including audits, to ensure developers were not misusing the Facebook user’s data?
- When did Facebook learn of this breach of privacy protections?
- During this time frame, what other third-party “research” applications were also able to access the data of unsuspecting Facebook users?
Attorney General Herring and his team will update the public as more information becomes available.