Frustrated posts from Facebook users point to confusion over the company's Friday announcement that as many as 50 million accounts may have been compromised. Users of the social media platform want to know if their accounts were used and if so, how and by whom.
But cybersecurity investigations take time — they always have. They can be messy and inconclusive for months, or even years. But because of the General Data Protection Regulation (GDPR), enacted this May in the European Union, fast but incomplete notifications are likely the new norm.
GDPR calls for a swift three-day notification period for companies to tell people who may have been affected by a breach. But companies often don't know who precisely got the brunt of the hack among their customers right away. So while notifications may go out, the process of uncovering details in the public eye will be much slower.
"The GDPR requires prompt notice — 72 hours from 'awareness' of the breach. But it doesn't require 'perfect' notice," explains Paul Ferrillo, head of the cybersecurity practice at law firm Greenberg Traurig. "The [regulation] allows an immediate notice within 72 hours, as well as updates to that notice in phases. It comports to the right of the individual to know if there is a breach to protect him or herself."
"It's very hard for even the most skilled practitioners to fully understand the contours of a sophisticated data breach in less than 72 hours," he said.
Compared with many other types of hacks, the attack against Facebook appears to have been genuinely "sophisticated," a term that is sometimes overused in relation to security breaches but applies here, and that means the investigation could take a long time.
Facebook's attack was multi-pronged and used previously unknown security loopholes in multiple applications available on the platform. Only when used in concert did these loopholes allow attackers to compromise accounts, Zuckerberg said on Friday. This is more complex than other breaches that may be easier to investigate, like email spear-phishing attacks, Ferrillo said.
Other companies that have dealt with breaches like these, which involve several steps and activities by attackers, have also struggled with a changing narrative that plays out in the public eye. Corporations like Equifax and Sony had investigations that stretched for months and, for some details, more than a year. Like these events, details about what happened at Facebook will likely shift in the coming months.
Despite the complexity of the company's security investigation, Facebook has invested a great deal of time and resources into its security program. It has simultaneously faced privacy and security scandals throughout the past year. It's unlikely that consumers or regulators will be forgiving.
The GDPR's main governing body, which is based in Ireland, issued a statement this week indicating they may be tough on the social media giant: "[Facebook's] notification lacks detail and the [Data Protection Commission] is concerned at the fact that this breach was discovered on Tuesday and affects many millions of user accounts, but Facebook is unable to clarify the nature of the breach and the risk for users at this point. The DPC continues to press Facebook to clarify these matters further as a matter of urgency."
This is key, as the stakes are high for Facebook. A maximum fine under GDPR amounts to 4 percent of a company's global annual turnover from the previous year. For Facebook, that could be well over $1 billion.
It gets more dire for Facebook, given GDPR was passed in part over concerns specifically about how companies handle the personal information of consumers.
Facebook's seemingly muddy messaging over the breach will be the new norm under GDPR.