German court says victims of massive Facebook data breach can be compensated

A German court ruled on Monday that thousands of local Facebook users affected by a massive data breach in 2021 are eligible for compensation.

According to a statement from the German Federal Court of Justice (BGH), users can claim around €100 ($105) for the breach even if the data obtained by the hackers wasn’t misused and didn’t cause any harm.

“Even a brief loss of control over personal data due to a violation of the GDPR can count as non-material damage,” BGH said.

In 2021, the personal data of approximately 533 million Facebook users from around the world was leaked online. The breach occurred after unknown hackers exploited a feature that allowed them to access Facebook user accounts using randomly generated phone numbers.

Facebook said at the time that the information was “scraped” by malicious actors through a vulnerability in its tools prior to September 2019. The breach exposed users’ personal data, including their user ID, full name, workplace and gender.

German users who filed a lawsuit against Facebook said the company failed to implement “adequate security measures,” leading to distress and loss of control over their personal information.

They first requested €1,000 ($1,056) each in damages, but the court ruled that €100 would be a fair amount, as there was no evidence of financial loss. Previously, German courts had rejected users’ claims for damages.

In a comment to German media on Monday, a company spokesperson said that during the mentioned incident, Facebook’s systems were not hacked, and there was no data breach.

According to Meta, similar claims have already been dismissed thousands of times by German courts, with a large number of judges ruling that no claims for liability or damages exist.

It is not yet clear how many German users will receive compensation for being affected by the breach. According to local media reports, the claims against Meta expire at the end of this year, so users would have to act quickly — by filing a lawsuit and proving they were victims of the incident — to receive compensation from the company.

In 2022 Meta was fined €265 million ($280 million) by Irish data protection authorities for the same incident.

In a statement to Recorded Future News at that time, a Meta spokesperson said the company “cooperated fully” with the Irish authorities on this issue.

“We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers,” the spokesperson said. “Unauthorized data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge. We are reviewing this decision carefully.”


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
