Approximately half a million people who use the Google+ social media platform may have had their personal data shared without their consent with up to 438 outside developers. The data breach was the result of a glitch in the API for the Google+ platform. The bug allowed third-party app developers to access the data not only of users who had granted permission, but also of their friends.
What did Google do?
As if having the data breach wasn't bad enough, Google’s ill-advised reaction to discovering it was to fix it (so far so good) and then keep it a secret! Not only did Google fail to notify the users whose data may have been illegally shared, but they also neglected to mention the data glitch to any national regulators. All in all, not a great start.
Google’s reasoning behind keeping the data glitch under wraps was to prevent the company coming into the spotlight alongside (or worse still instead of) Facebook in light of the Cambridge Analytica scandal. It seems Google were very keen to avoid any parallels being drawn between themselves and the heavily criticised social media firm.
While this may be understandable, it’s certainly not forgivable, and when the story eventually did break through the Wall Street Journal, the tech giant was forced to do more. As a result, Google subsequently announced that it will shut down consumer access to Google+ and look at improving its privacy protections for APIs, although it did also defend its initial decision not to disclose the leak. You can read more about this straight from the horse’s mouth, in this blog post announcing the shutdown.
While the glitch itself is not a huge cyber security crisis or the result of hacking or any other sinister goings-on like we usually cover on the Dynamic blog, it is significant due to the new series of debates it has created around data protection and accountability for data breaches. Watch this space, because we think there may be more to come regarding data regulation and data protection, particularly for these big US firms which so many of us interact with on a daily basis.