Google—Google concealed Google+ data breach exposing 500,000 users' personal information for six months
In October 2018, the Wall Street Journal reported that a software bug in Google+ exposed the personal profile data of up to 500,000 users to third-party developers. Google discovered the vulnerability in March 2018 but chose not to disclose it publicly for six months, partly due to fears of regulatory scrutiny and comparisons to the Cambridge Analytica scandal. An internal memo showed Google's legal team advised that disclosure was not legally required. A second bug discovered in December 2018 affected 52.5 million users. Google shut down Google+ for consumers in April 2019.
Scoring Impact
| Topic | Direction | Relevance | Contribution |
|---|---|---|---|
| Corporate Transparency | -against | primary | -1.00 |
| Data Security | -against | primary | -1.00 |
| User Privacy | -against | secondary | -0.50 |
| Overall incident score = | -0.369 | ||
Score = avg(topic contributions) × significance (high ×1.5) × confidence (0.59)× agency (negligent ×0.5)
Evidence (1 signal)
Wall Street Journal revealed Google concealed Google+ data breach for six months to avoid regulatory scrutiny
The WSJ reported that a Google+ API bug exposed personal data of up to 500,000 users to external developers. Google discovered the vulnerability in March 2018 but chose not to disclose it for six months. An internal memo revealed Google's legal team advised against disclosure partly to avoid comparisons to the Cambridge Analytica scandal. A second breach in December 2018 affected 52.5 million users.