Facebook’s involvement with Cambridge Analytica offers organizations a cautionary tale about the impact of data breaches.
Last week’s revelations that Cambridge Analytica improperly accessed Facebook data belonging to millions and used that data to influence the 2016 U.S. presidential race and Brexit vote raised global ire and sent Facebook’s stock into a $50 billion wipeout.
Over the past several years, governments and individuals have signaled a growing impatience with data breaches and a desire for organizations that treat them blithely to pay for their inattention and lack of cybersecurity. Especially given that reports are suggesting that Facebook poorly monitored third-party developers access to data, had the Cambridge Analytica breach occurred after May 25, 2018 — when GDPR comes into force — it could have cost Facebook 4% of its annual revenue or $1.62B based on 2017 numbers.
Five days after the breach announcement, Facebook Founder Mark Zuckerberg finally broke his silence, claiming that much of the problem had already been addressed years ago, while laying out a plan to investigate data that could have been leaked via other third-party apps. Absent, however, was any response to Ex-Facebook Insider Sandy Parakilas’s claims that Facebook could have stopped these breaches much earlier.
Facebook’s Chief Information Security Officer (CISO) Alex Stamos has announced his departure also citing leadership differences around the Cambridge Analytica breach as well how the company handled Russian interference in U.S. elections via Facebook’s platform.
Five days after the breach announcement, Facebook Founder Mark Zuckerberg finally broke his silence (shown here during his F8 developer conference keynote).
By March 20th, Zuckerberg had seen his personal net worth decline by more than $5 billion in the days since the breach announcement, but Marketwatch reports that it could have been worse. This year, Zuckerberg has already sold nearly $1 billion of Facebook stock. But while the Cambridge situation grabs headlines as well as calls for Zuckerberg to appear before the U.S. Congress and British Parliament, investigations are underway in New York and Massachusetts and a Facebook user class action lawsuit has already been filed. On March 21, India suspended Cambridge Analytica's local website and issued a public warning to Zuckerberg stating that the site remained welcome in the country, but there would be consequences if Facebook colluded in the data theft of Indians.
Despite all of this action, analysts are saying that regulation is an even bigger threat to Facebook, with possible ad revenue losses on the horizon due to impending data privacy restrictions. Europe has also been historically stricter with the company than other parts of the world. With breach notifications of 72 hours and harsh fines, GDPR will offer a potential revenue-blocking hurdle come May.