On April 6, 2021, Facebook publicly confirmed that it had been hacked. An anonymous cybercriminal published a gargantuan trove of personal data that was harvested from Facebook users to an online hacking forum. The data breach exposed the personal information of 533 million Facebook users in over 106 countries. Approximately 30 million of the exposed accounts consisted of American Facebook users.
The stolen data includes phone numbers, e-mail addresses, usernames, birthdates, locations and biographical information. Although users’ credit card information was not exposed in the massive breach, the published data could be successfully utilized to elicit financial information from the breach victims or to accomplish other identify theft schemes.
In an apparent effort to downplay the scandal, Facebook has declined to notify its users whose information was stolen.
As social media usage has proliferated rapidly in recent years, lawmakers and government regulators have struggled to ensure that technology companies take measures to protect their customers’ privacy. In concert, courts have attempted to define the remedies available to victims of data breaches. For instance, in Dittman v. UPMC (2018), the Supreme Court of Pennsylvania held that employers have a duty to safeguard sensitive personal and financial information obtained from their employees or else be exposed to civil liability for data breaches. However, it remains uncertain to what extent social media users have a similar remedy outside the context of employee-employer contracts.
You may have a remedy if your sensitive information has been exposed in a data breach. The attorneys at Bordas & Bordas keep abreast of the evolving landscape of cybersecurity laws, and we would be happy to discuss your potential claim.