1. Home
  2. News
  3. Cybersecurity News

SEC levies $100 million fine against Facebook over data misuse

The agency says Facebook knew about the data breach while continuing to describe it in ‘hypothetical’ terms

Photo (c) coffeekai - Getty Images
The Securities and Exchange Commission (SEC) announced Wednesday that it intends to fine Facebook $100 million for making "misleading disclosures" about the risk of user data misuse. 

The agency alleges that Facebook continued to describe possible data breaches to investors in “hypothetical” terms even though it had known about the data breach for several years. 

“For more than two years, Facebook’s public disclosures presented the risk of misuse of user data as merely hypothetical when Facebook knew that a third-party developer had actually misused Facebook user data,” the SEC said in a statement

“Public companies must identify and consider the material risks to their business and have procedures designed to make disclosures that are accurate in all material respects, including not continuing to describe a risk as hypothetical when it has in fact happened.” 

Facebook agreed to settle the charges “without admitting or denying the SEC’s allegations,” the agency noted. 

Mishandling of user data 

The fine from the SEC is separate from the $5 billion penalty approved this week by the Federal Trade Commission (FTC) over the Cambridge Analytica data breach, which resulted in up to 87 million Facebook users having their information improperly accessed. The FTC and the SEC began investigating Facebook last July following the data-sharing scandal. 

In response to the actions taken against it, Facebook has promised greater transparency and increased efforts to protect user privacy. Facebook said the FTC agreement "will mark a sharper turn toward privacy, on a different scale than anything we've done in the past.” The company said it has already set aside money to pay the fine. 

“Going forward, our approach to privacy controls will parallel our approach to financial controls, with a rigorous design process and individual certifications intended to ensure that our controls are working — and that we find and fix them when they are not,” Facebook said in a blog post.

Take an Identity Theft Quiz

Get matched with an Authorized Partner