Google facing scrutiny from Australian regulator over Google+ data breach

Tuesday, October 23 2018

Google’s failure to notify its customers of a data breach could land it in hot water in Australia, with the Office of the Australian Information Commissioner (OAIC) looking into the breach.

According to The Australian, the Office will be seeking to find out the depth of the breach and how many of the 496,951 users affected by the breach were Australian.

News of the data breach surfaced on Monday morning in a Wall Street Journal report claiming that, earlier this year, Google uncovered a breach of data within its social network Google+. The exposed user data included ‘full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status; it didn’t include phone numbers, email messages, timeline posts, direct messages or any other type of communication data’.

The breach was through a loophole in an API, which potentially gave third-party apps access to profile fields that were shared with the user but not marked as public. Google said that the data was potentially available between 2015 and March 2018, when it was patched.

Chris Griffith at The Australian points out that ‘the discovery of the breach occurred after the Notifiable Data Breaches (NDB) scheme began in late February’, meaning that the discovery, and what the WSJ claims is a coverup, occurred after the program was put in place.

Under the NDB scheme, any company that is subject to a data breach is required to notify both users and the OAIC of the breach ‘where there is a likelihood of serious harm to any of the individuals whose personal information is involved in a data breach’.

Even though the potential was there, Google claims that no data was actually accessed, saying ‘We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused’. So, whether there is a ‘likelihood of serious harm’ is subjective and something the OAIC will have to determine.

In a statement to The Australian, the Office said it would be seeking information on which Australian users’ profiles were exposed:

The OAIC is aware of reports about a security issue affecting Google+ user accounts. Google’s public statements state that it has found no evidence that any user profile data has been misused. However, the OAIC will be seeking further information from Google about the incident, including whether Australian users of Google+ were affected.

Daniel Tyson   Ausdroid's Editor in Chief


dazweeja
Ausdroid Reader

This was a vulnerability. There’s no evidence of a data breach so it’s not correct to use that term until there is. The WSJ incorrectly used that term too but they have since amended their headline.
