Twitter has been fined €450,000 by the Irish Data Protection Commissioner (DPC) for failing to promptly declare and properly document a data breach. This comes after a Twitter bug led to private tweets being made publicly available. But not everyone involved in the breach knows that they had their privacy compromised.
Who was affected by the Twitter data breach?
Users affected by the Twitter data breach:
- used the ‘Protect your Tweets’ feature during the data breach period (5 September 2017 to 11 January 2019)
- used the Twitter for Android app only. People on iOS or the web were not impacted
- made certain account changes during this time (e.g. changed their email address).
Twitter has said that it has “informed people we know were affected by this issue”. However, the bug could have been in place since 2014, and Twitter does not keep logs that far back. In addition, an announcement on the Twitter Help Centre said that it could not confirm every account that may have been impacted.
What was the impact of the Twitter breach?
Despite fining Twitter €450,000, the DPC does not believe that the breach was hugely damaging to the affected users. Instead, it primarily issued the fine based on Twitter’s failure to follow the proper steps after discovering the breach. However, at Keller Lenkner UK, we know that the impact of a breach such as this can be hugely detrimental. For example, by making private tweets public, it is quite possible that a user could have:
- been unsuccessful in job applications as a result of social media checks
- suffered online abuse for tweets that were made public
- experienced emotional distress at the thought of their private tweets being made public.
“The considerable use of social media by prospective employers and recruiters for vetting candidates means that in reality users could have failed job applications without realising or knowing it.”
Kingsley Hayes, Head of Data Breach, Keller Lenkner UK
What can you do about Twitter’s failure to protect your private tweets?
In total, we believe that at least 88,726 Twitter users in the EU are affected by this breach, and there is likely to be significantly more. These people could now have a claim for compensation. As well as claiming for emotional distress and any damage done (e.g. financial losses, missed career opportunities, etc.), people involved in the Twitter breach can also claim for the loss of privacy itself.
At Keller Lenkner UK, we are registering people in England & Wales who have been affected by this breach and who want to get justice. Register with us and we will keep you up to date with any developments as they happen. We will also let you know when you can make a claim.
You can register if you believe you are involved in this breach – even if Twitter has not confirmed as such. However, if you do not have evidence that your private tweets were made public, you will need to demonstrate that you are in the group affected by this breach (Android user, etc.) and that you experienced harm as a direct result of the privacy failure.