Hours after it announced a massive security breach that affected at least 50 million of its users, Facebook was sued in a California court.
The lawsuit was filed by two of the social network's users, Carla Echavarria of California, and Derrick Walker of Virginia. The two plaintiffs are seeking class-action status for their grievance, in what's likely the first of many such suits to come.
According to a copy of the complaint obtained by ZDNet, the two argue that Facebook failed to protect their data, which, according to a Facebook official statement published hours before their filing, was harvested by yet-to-be-identified hackers exploiting a combination of three bugs in Facebook's source code.
"This case involves the continuing and absolute disregard with which Defendant Facebook, has chosen to treat the PII of account holders who utilize Facebook's social media platform," the lawsuit reads.
"While this information was supposed to be protected, Facebook, without authorization, exposed that information to third parties through lax and non-existent data safety and security policies and protocols."
Also: Can LinkedIn finally kill the business card TechRepublic
Plaintiffs now fear that because of the Facebook breach their personal data may be easily accessible to hackers on the Dark Web.
If class-action status is granted, the two plaintiffs are requesting relief, but also punitive damages against Facebook, in the form of a fine, under the California Civil Code. The size and value of the relief and/or punitive damages are to be decided after a trial.
It is not a surprise that Facebook was hit with a class-action lawsuit after announcing its security breach on Friday. Over three dozens class-action lawsuits were filed against Facebook after it disclosed the Cambridge Analytica data harvesting incident earlier this year.
The only surprise is that the class-action was filed on the same day of Facebook's announcement, just a few hours after Facebook's press release. Facebook said it still doesn't have a full picture of the incident and it's still investigating the breadth of the breach together with US law enforcement agencies.
Facebook said it spotted the breach after a noticeable spike in user traffic. A breakdown of how Facebook spotted the breach is available in this ZDNet article, here.
The class-action lawsuit was first spotted and reported by Bloomberg.
RELATED AND PREVIOUS COVERAGE:
Amid the ongoing trust crisis, Facebook users get an easier way to download their data and new mobile privacy settings.
New CJEU ruling in Facebook case could have "far-reaching effects" for GDPR contracts.
Facebook's new report attempts to convey how effective its AI is at flagging bad content and fake accounts.
Browser maker faces backlash for failing to inform users about Chrome Sync behavioral change.
Facebook is facing an uphill battle automating the detection of misinformation in photos and videos.