Google was supposed to be focusing Tuesday on its launch of a new smartphone and other devices, but the event was being overshadowed by a firestorm over a privacy glitch that forced it to shut down its struggling social network.
The Silicon Valley giant said Monday it found and fixed a bug exposing private data in as many as 500,000 accounts, but drew fire for failing to disclose the incident.
The revelation heightened concerns in Washington over privacy practices by Silicon Valley giants after a series of missteps by Facebook that could have leaked data on millions.
“In the last year, we’ve seen Google try to evade scrutiny — both for its business practices and its treatment of user data,” Senator Mark Warner said in a statement.
Warner said that despite “consent” agreements with the US Federal Trade Commission “neither company appears to have been particularly chastened in their privacy practices” and added that “it’s clear that Congress needs to step in” for privacy protections.
Marc Rotenberg, president of the Electronic Privacy Information Center, said the latest breach suggests the FTC has failed to do its job in protecting user data.
“The Congress needs to establish a data protection agency in the United States,” Rotenberg said. “Data breaches are increasing but the FTC lacks the political will to enforce its own legal judgments.”
The internet search leader had already faced tensions with lawmakers after it decided against sending its top executive to testify at a hearing on privacy and data protection, prompting the committee to leave an empty seat for the company.
Last month, Google indicated it would send chief executive Sundar Pichai to testify before Congress.
Google has also been in the crosshairs of President Donald Trump, who alleged that its search results were biased against conservatives, although there was little evidence to support the claim.
The rising tensions come with Google holding an event in New York widely expected to release its Pixel 3, the upgraded premium smartphone that aims to compete with high-end devices from Apple and Samsung.
The Pixel phone is part of a suite of hardware products Google is releasing as part of an effort to keep consumers in its mobile ecosystem and challenge rivals like Apple and Amazon.
On Monday, Google said it was unable to confirm which accounts were affected by the bug, but an analysis indicated it could have been as many as 500,000 Google+ accounts.
Google did not specify how long the software flaw existed, or why it waited to disclose it.
The Wall Street Journal reported that Google executives opted against notifying users earlier because of concerns it would catch the attention of regulators and draw comparisons to a data privacy scandal at Facebook.
Earlier this year, Facebook acknowledged that tens of millions of users had personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.
Google has also faced increasing tensions over a reported search engine which would be acceptable to Chinese censors, and over its work for the US military.
On Tuesday, Google confirmed it is dropping out of the bidding for a huge Pentagon cloud computing contract that could be worth up to $10 billion, saying the deal would be inconsistent with its principles.