Google will be shutting down its social media platform Google+ as an investigation is being initiated by the Data Protection Authority in Ireland into reports that it failed to disclose to a bug that may have affected up to 500,000 accounts.
A report in the The Wall Street Journal discovered internal communications which showed that Google senior management was knowledgeable of the bug. However, the details of the breach were not made public as they should have been, seemingly in a bid to avoid scrutiny by data regulators.
When the news was first released, by the Irish Data Protection Commission to US news network CNBC, that it had not been made aware of the GDPR breach a statement read: “The DPC was not aware of this issue and we now need to better understand the details of the breach, including the nature, impact and risk to individuals and we will be seeking information on these issues from Google.”
Following this news, Google Vice President Ben Smith commenting on the bug to the public in a blog post and added the news that the social media platform will be shut down. Mr Smith said that, during an audit of Google’s Project Strobe initiative, earlier this year the bug was noticed. He commented that the data violation was “limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age.”
Smith went on to say: “(We) cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.”
So far no proof has been found to imply that any profile data was misused due to the breach.
The breach happened in March of this year, suggesting that the Internet giant would not be fall foul of GDPR as it only became enforceable on May 25 this year.