1 in 30 Canadians Affected by Facebook Data Breach

 Read Time: 5 Minutes

facebook-data-breach-v2

Facebook has announced how many Canadians have been impacted by the Cambridge Analytica data breach and the number is quite surprising.

622,161 Canadians have had their personal data shared with the British analytics company. While on the large scale of 87 million people who have reportedly been affected the number seems small. In fact, Facebook is attempting to minimize the damage by putting it in scale of 0.7% percent of the total users affected. But when put into perspective, no amount of PR spin can make this seem okay.

If you break it down by the estimated 18 million active Canadian users, the percentage of those affected in Canada is 3.5%. Basically that means 1 in 30 Canadians have had their personal data shared with cyber hackers.

How This Happened

In 2014, around 270,000 users were paid to install a personality quiz designed by British researcher Aleksandr Kogan. So how was he able to collect data from 50 million people if only 270,000 agreed to share their information?

It’s estimated that each user who installed Kogan's app granted him access to profile information from at least 160 of their friends. Facebook’s terms of service, and British data protection laws, were supposed to protect the data from being sold or shared with third parties; that didn’t stop Cambridge Analytica from getting their hands on the data.

According to the Observer, the data firm "then used the test results and Facebook data to build an algorithm that could analyze individual Facebook profiles and determine personality traits linked to voting behaviour.” This algorithm was then used to target Facebook ads to people who were most likely to be influenced by its message.

What Kind of Data Was Taken

Basically everything that you use Facebook for classifies as valuable data to malicious actors. Business Insider published the list of what data was at risk every time you clicked “allow” when installing a third-party app.

  • Birthday
  • Education history
  • Interests
  • Likes
  • Location sharing
  • Photos
  • Relationships
  • Religion
  • Politics
  • Work history

What Can You Do?

You can’t go back in time and change how much information you shared but going forward you can be more cautious. Starting Monday, April 9, you will see a link at the top of your News Feed to a tool where you can see what information you’ve shared with third-party apps.

This is an invasion of privacy, no matter how you slice it. If you’re a business owner, this should be a wake-up call to review your data protection plans. It’s common for business owners to have their personal Facebook account linked to their business page.

Some businesses even accept transactions through Facebook. Is financial data at risk?

This manipulation of privacy allowances leaves us feeling uneasy about how safe Facebook is for small-to-medium sized businesses. We’ll be monitoring the story as it evolves to share the best information and resources for how to protect your data in the wake of this social media scandal.

For more on what Facebook is doing to restrict access data, check that out here.

Want to make sure your personal data is protected? 

Schedule a FREE 30 Minute Consultation!

This blog is meant to provide a starting point to implementing cyber security practices within your company. Due to the rapid progression of technology this is an ongoing and ever-evolving subject!

Sources:
http://www.cbc.ca/news/technology/facebook-cambridge-analytica-600-thousand-canadians-1.4605097 
https://newsroom.fb.com/news/2018/04/restricting-data-access/  
http://www.businessinsider.com/what-data-did-cambridge-analytica-have-access-to-from-facebook-2018-3  
https://www.statista.com/statistics/282364/number-of-facebook-users-in-canada/ 

 

 

Tags: data breach, facebook data breach, data privacy, facebook, Personally Identifiable Information


Default Avatar

Laird Wilton

Laird is Co-Founder of Securicy, an Information Security Company that enables organizations to efficiently implement and maintain compliant Information Security Practices