Meta faced a significant privacy breach as the Texas attorney general accused it of capturing biometric data of millions of Texans without consent, utilising a facial recognition feature. Although no explicit data leakage was reported, the breach posed a reputational risk and raised concerns over personal data handling, resulting in a massive $1.4 billion settlement. This incident highlights the increasing scrutiny of tech giants regarding data privacy practices, and their potential financial and reputational impacts.
Source: https://www.wired.com/story/russia-cybercriminal-us-prisoner-swap/
TPRM report: https://scoringcyber.rankiteo.com/company/meta
"id": "met000080424",
"linkid": "meta",
"type": "Breach",
"date": "8/2024",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 'Millions of Texans',
'industry': 'Technology',
'name': 'Meta',
'type': 'Company'}],
'attack_vector': 'Facial Recognition Feature',
'data_breach': {'number_of_records_exposed': 'Millions',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Biometric Data'},
'description': 'Meta faced a significant privacy breach as the Texas attorney '
'general accused it of capturing biometric data of millions of '
'Texans without consent, utilising a facial recognition '
'feature. Although no explicit data leakage was reported, the '
'breach posed a reputational risk and raised concerns over '
'personal data handling, resulting in a massive $1.4 billion '
'settlement.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Biometric Data',
'financial_loss': '$1.4 billion',
'legal_liabilities': 'Significant'},
'motivation': 'Legal Enforcement',
'post_incident_analysis': {'root_causes': 'Unauthorized Biometric Data '
'Collection'},
'regulatory_compliance': {'fines_imposed': '$1.4 billion',
'legal_actions': 'Settlement'},
'threat_actor': 'Texas Attorney General',
'title': 'Meta Biometric Data Breach',
'type': 'Privacy Breach',
'vulnerability_exploited': 'Unauthorized Biometric Data Collection'}