Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Aussie Watchdog Sues Facebook Over Cambridge Analytica Breach

Australia’s privacy watchdog announced legal action against Facebook Monday for alleged “systematic failures” exposing more than 300,000 Australians to a data breach by Cambridge Analytica.

Australia’s privacy watchdog announced legal action against Facebook Monday for alleged “systematic failures” exposing more than 300,000 Australians to a data breach by Cambridge Analytica.

The Office of the Australian Information Commissioner said it had initiated proceedings against the tech giant and that Facebook committed “serious and/or repeated interferences with privacy”.

The commission alleges the personal information of Australian Facebook users was disclosed without their permission to an app called “This Is Your Digital Life”, which then sold the data to political consulting firm Cambridge Analytica.

The now-defunct British company was at the centre of a massive scandal involving Facebook data hijacking in 2018.

US regulators said the firm “engaged in deceptive practices to harvest personal information from tens of millions of Facebook users for voter profiling and targeting”.

Australia’s watchdog began its own investigation into Cambridge Analytica two years ago, with today’s announcement it was pursuing Facebook in the courts the first action resulting from the probe.

“Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy,” Australian Information and Privacy Commissioner Angelene Falk said.

Advertisement. Scroll to continue reading.

“We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users’ expectations.”

Facebook’s own investigation found that some data from 87 million users in the United States and elsewhere had been compromised by the firm, and claimed the practices violated the social network’s terms of service.

In a statement, Facebook said it had “actively engaged” with the Australian investigation but refused to comment further on the specifics of the matter as it was before the court.

The company added it had made “major changes” to its platforms in consultation with international regulators to “restrict the information available to app developers, implement new governance protocols and build industry-leading controls to help people protect and manage their data”.

It paid a record $5 billion penalty in a settlement with the US regulator, while in the UK was fined more than $650,000 for the breach.

It is unclear how much Facebook could be fined if the Australian action succeeds, but each contravention of Australia’s Privacy Act attracts a maximum penalty of Aus$1.7 million ($1.1 million).

Related: Facebook Fined $1.65 Mn by Brazil

Related: Turkey Fines Facebook for Breach of Data Protection Laws

Related: Italy Fines Facebook Over Cambridge Analytica Case

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.