
Supreme Court Weighs Shareholder Lawsuit Against Meta Over Data Disclosure


The U.S. Supreme Court is deliberating on a high-stakes shareholder lawsuit involving Meta (formerly Facebook), where investors claim the tech giant misled them by omitting crucial data breach information from its risk disclosures. The case, Facebook v. Amalgamated Bank, centers around the Cambridge Analytica scandal, where a British firm accessed data on millions of users to influence U.S. elections. While Meta had warned of potential misuse of data in its annual filings, it did not disclose that a significant breach had already occurred, potentially impacting investors’ trust. During oral arguments, liberal justices voiced concerns over the omission. 

Justice Elena Kagan likened the situation to a company that warns about fire risks but withholds that a recent fire already caused severe damage. Such a lack of disclosure, she argued, could be misleading to “reasonable investors.” The plaintiffs’ attorney, Kevin Russell, echoed this sentiment, asserting that Facebook’s omission misrepresented the severity of risks investors faced. On the other hand, conservative justices expressed concerns about expanding disclosure requirements. Chief Justice John Roberts questioned whether mandating disclosures of all past events might lead to over-disclosure, which could overwhelm investors with excessive details. Justice Brett Kavanaugh suggested the SEC, rather than the courts, might be better positioned to clarify standards for corporate disclosures. 

The Biden administration supports the plaintiffs, with Assistant Solicitor General Kevin Barber describing the case as an example of a misleading “half-truth.” Meta’s attorney, Kannon Shanmugam, argued that such broad requirements could dissuade companies from sharing forward-looking risk factors, fearing potential lawsuits for any past incident. Previously, the Ninth Circuit found Meta’s general warnings about potential risks misleading, given the company’s awareness of the Cambridge Analytica breach. The Ninth Circuit held that such omissions could harm investors by implying that no significant misuse had occurred.

If the Supreme Court sides with the plaintiffs, companies could face new expectations to disclose known incidents, particularly those affecting data security or reputational risk. Such a ruling could reshape corporate disclosure practices, particularly for tech firms managing sensitive data. Alternatively, a ruling in favor of Meta may uphold the existing regulatory framework, granting companies more discretion in defining disclosure content. This decision will likely set a significant precedent for how companies balance transparency with investors and risk management.

Meta Penalized $101 Million for Storing Passwords in Plaintext, Faces Heightened EU Oversight


Meta, the parent company of Facebook, has been fined Euro 91 million (USD 101 million) by the Irish Data Protection Commission (DPC) following the revelation that the company stored millions of user passwords in plaintext.  

Plaintext refers to readable data that does not need a decryption key to access. It can be any file or message, including text or binary data, that has not been encrypted yet. Plaintext is often used in tasks like document writing, coding, and email. In encryption, plaintext is the input that gets converted into ciphertext, which is the secured, unreadable version.

The breach, discovered during an internal review and disclosed in 2019, involved sensitive user data being accessible to over 2,000 engineers, who collectively queried the password database more than 9 million times. This fine adds to Meta’s growing list of penalties under the European Union’s General Data Protection Regulation (GDPR), which has cost the company more than Euro 2 billion since the regulation was introduced in 2018. Notably, Meta is appealing a record Euro 1.2 billion fine issued last year, making the company one of the most scrutinized by European regulators. 

Meta identified the security lapse during a routine check of its data storage practices. The company stated that no evidence was found to suggest that any internal personnel had misused the passwords or that external entities had accessed the data. Despite these assurances, the incident brought to light a major oversight, as modern security protocols universally require passwords to be protected by cryptographic hashing rather than stored in plaintext.

Password hashing, the standard across most industries, ensures that original passwords cannot be easily retrieved. Algorithms like Bcrypt, PBKDF2, and SHA512crypt are specifically designed to slow down attempts to crack hashed passwords, using computationally expensive processes that deter attackers. Meta's failure to employ such methods represents a serious departure from accepted practices. 
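To make the contrast concrete, here is an added example (not code from the post, from Meta, or from the DPC) that stores a password the weak way beside the accepted way. It uses PBKDF2-HMAC-SHA256 from Python's standard library, one of the algorithm families the post names; the iteration count, salt length, and the `algorithm$iterations$salt$hash` record layout are assumptions chosen for the example rather than anything the post specifies. The `record_exposes_password` helper stands in for the audit question the DPC finding turns on: can someone who can read the stored table recover the password from it?

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Parameters assumed for this example (not from the post): PBKDF2-HMAC-SHA256,
# a 16-byte random salt per user, and an iteration count high enough that each
# guess against a leaked record costs the attacker measurable CPU time.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def store_plaintext(password: str) -> str:
    """The weak pattern described in the post: the stored record *is* the password."""
    return password


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    The per-user salt makes identical passwords hash to different records, so a
    leaked table cannot be attacked with a single precomputed lookup for all users.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  salt, iterations, dklen=KEY_BYTES)
    return f"{ALGORITHM}${iterations}${salt.hex()}${derived.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Recompute the hash from the stored salt and iteration count, then compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        iterations = int(iterations)
    except ValueError:
        # Malformed record: reject rather than raise, so a corrupt row cannot
        # be turned into a login bypass or a crash.
        return False
    if algorithm != ALGORITHM:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                  salt, iterations, dklen=KEY_BYTES)
    # hmac.compare_digest avoids leaking how many bytes matched via timing.
    return hmac.compare_digest(derived, expected)


def record_exposes_password(record: str, password: str) -> bool:
    """Audit check: does the stored record reveal the password to anyone who can read the table?"""
    return password in record


if __name__ == "__main__":
    # Constructed sample credential for the demonstration.
    sample = "correct horse battery staple"
    weak = store_plaintext(sample)
    strong = hash_password(sample)
    print("plaintext record exposes password:", record_exposes_password(weak, sample))
    print("hashed record exposes password:   ", record_exposes_password(strong, sample))
    print("hashed record verifies:           ", verify_password(strong, sample))
```

The point of the `verify_password` path is that a login check never needs the original password to exist anywhere: the server keeps only the salt and the derived hash, and the 2,000-engineer query log described in the post would then have exposed nothing usable even if every query had been logged in full.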

Graham Doyle, Deputy Commissioner at the DPC, highlighted the risks of Meta’s actions: "Storing user passwords in plaintext is widely recognized as a significant security vulnerability. Such data must be protected adequately to prevent abuse." 

As Meta continues to grapple with regulatory fines and pressures, this latest penalty underscores the EU's rigorous enforcement of data protection laws under GDPR. The company faces growing demands to revamp its security protocols and align with global privacy standards to avoid further sanctions.