According to a new report, at least two EU member nations and two US states are investigating a Google breach, which might have possibly exposed about half a million users’ data to more than hundred developers.
On Monday, Alphabet’s Google (GOOG) announced that it had shut its consumer version of Google+ following a bug that allegedly exposed user data including names, email addresses, occupations, gender, and age. “We are aware of public reporting on this matter and are currently undertaking efforts to gain an understanding of the nature and cause of the intrusion,” said Jaclyn Severance, a spokeswoman for Connecticut Attorney General George Jepsen to Reuters.
Reports have come in that the New York Attorney General’s office is also investigating the breach. In the statement, Google said that the issue was discovered and a patch was issued in March. According to the company’s review, no developer exploited the vulnerability or misused data.
The announcement, however, seemed to have a ripple effect with the regulators. The very next day Ireland regulator announced it would inquire with Google more on the issue. “The Data Protection Commission was not aware of this issue and we now need to better understand the details of the breach.”
German data regulator based in Hamburg is also said to be looking into the incident. With the EU law about data privacy coming to effect since May, the Ireland regulator is the overseeing body for the European bloc. The extent of the breach is yet to be paid public, and it is early to determine whether it falls in the faultlines where EU’s General Data Protection Regulation (GDPR) will penalize the giant.
According to GDPR, the fines might run as high as 4% of the annual turnover of Google, if found guilty. This might be a turning point in the company’s history with so many regulators on its tail, and it could also be one of the more bold outcomes of the GDPR, which had recently pulled over Facebook supremo Mark Zuckerberg for a detailed hearing on data privacy and usage in the social network.