Facebook sued hours after announcing security breach

Plaintiffs claim Facebook failed to protect their personal data. Want relief and punitive damages against Facebook.
Written by Catalin Cimpanu, Contributor

Hours after it announced a massive security breach that affected at least 50 million of its users, Facebook was sued in a California court.

The lawsuit was filed by two of the social network's users, Carla Echavarria of California, and Derrick Walker of Virginia. The two plaintiffs are seeking class-action status for their grievance, in what's likely the first of many such suits to come.

Also: If Facebook worked we wouldn't be in this mess

According to a copy of the complaint obtained by ZDNet, the two argue that Facebook failed to protect their data, which, according to a Facebook official statement published hours before their filing, was harvested by yet-to-be-identified hackers exploiting a combination of three bugs in Facebook's source code.

"This case involves the continuing and absolute disregard with which Defendant Facebook, has chosen to treat the PII of account holders who utilize Facebook's social media platform," the lawsuit reads.

"While this information was supposed to be protected, Facebook, without authorization, exposed that information to third parties through lax and non-existent data safety and security policies and protocols."

Also: Can LinkedIn finally kill the business card TechRepublic

Plaintiffs now fear that because of the Facebook breach their personal data may be easily accessible to hackers on the Dark Web.

If class-action status is granted, the two plaintiffs are requesting relief, but also punitive damages against Facebook, in the form of a fine, under the California Civil Code. The size and value of the relief and/or punitive damages are to be decided after a trial.

It is not a surprise that Facebook was hit with a class-action lawsuit after announcing its security breach on Friday. Over three dozens class-action lawsuits were filed against Facebook after it disclosed the Cambridge Analytica data harvesting incident earlier this year.

The only surprise is that the class-action was filed on the same day of Facebook's announcement, just a few hours after Facebook's press release. Facebook said it still doesn't have a full picture of the incident and it's still investigating the breadth of the breach together with US law enforcement agencies.

Also: Here's how quickly Facebook rebuilt its profile on me CNET

Facebook said it spotted the breach after a noticeable spike in user traffic. A breakdown of how Facebook spotted the breach is available in this ZDNet article, here.

The social networking giant is also facing pressure from lawmakers to provide more details about the incident [1, 2, 3], and may soon face official inquiries.

The class-action lawsuit was first spotted and reported by Bloomberg.

Adjust these Facebook privacy settings to protect your personal data


Facebook's new privacy settings: Look out for these shortcuts, data delete options

Amid the ongoing trust crisis, Facebook users get an easier way to download their data and new mobile privacy settings.

Europe's top court has just blown a big hole in Facebook's fan-page terms

New CJEU ruling in Facebook case could have "far-reaching effects" for GDPR contracts.

Facebook's fake account crackdown: Our AI spots nudity, hate, terror before you do

Facebook's new report attempts to convey how effective its AI is at flagging bad content and fake accounts.

Google secretly logs users into Chrome whenever they log into a Google site

Browser maker faces backlash for failing to inform users about Chrome Sync behavioral change.

Facebook's latest headache: How to spot "deep fake" videos

Facebook is facing an uphill battle automating the detection of misinformation in photos and videos.

Related stories:

Editorial standards