US Congress is investigating data leak of 500 thousand Google+ users

File Reuters

UNITED STATES (VOP TODAY NEWS) – European regulators and the US Congress are going to investigate a possible leak of data of 500 thousand Google+ users. The company has already received a notice demanding to provide for the study all the information on the case and explain the reason for concealing the vulnerability.

The congress said that Americans using online services are most concerned about data protection. Fears intensified after the situation with Cambridge Analytica, which collected personal information from citizens without their consent. Google closed the vulnerability in March of this year, but hid the problem from the public.

The message also notes that the congress requires Google to disclose information about other possible data leaks that occurred in the company.

Last week, Google announced the partial closure of the project social network Google+, and also revealed information that from 2015 to 2018. There was a critical vulnerability in the service, which opened access to data of 500 thousand users.

According to WSJ informers, Google did not disclose information about the leak in the spring for fear of attracting increased attention of regulators and harming its reputation. At the same time, Google CEO Sundar Pichai was informed that users and regulators would not be informed about what had happened.

Google’s internal documents suggest that the company did not have evidence that third-party developers were abusing access to data. However, Google admits that now it is impossible to verify. A wide list of personal data is at risk, including full names, email addresses, dates of birth, field information, profile photos, place of residence, occupation and marital status. At the same time, this list did not include telephone numbers and a number of other data.

The new EU data protection rules (GDPR), which entered into force in May, require companies to notify regulators of data leaks and other problems within 72 hours. The maximum penalty for violation is 2% of global revenue. However, since Google discovered the problem back in March, this aspect of the GDPR will not be applicable, experts say.