Data Breach through Social Engineering
Harvard Law Review Blog, 2018
3 Pages Posted: 14 Aug 2018
Date Written: March 21, 2018
Abstract
The recent uproar involving Cambridge Analytica’s unauthorized access to, and dubious use of, personal data belonging to 50 million Facebook users in attempts to support the presidential candidacy of Donald Trump raised a series of important questions. The access to that personal information was enabled by an app developed by University of Cambridge neuroscience lecturer Aleksandr Kogan, which used Facebook Login. This granted access to personal information of its users and their Facebook friends, which was subsequently passed on to Cambridge Analytica. This post will focus on the data breach question – whether unauthorized access to personal information, in the absence of hacking, qualifies as a “data breach” for the purposes of state data breach notification laws, and potentially Federal Trade Commission (FTC) data security enforcement.
Keywords: data breach, cambridge analytica, social engineering, data breach notification law, cybersecurity law, cyber law, internet law, facebook, social media, manipulation
Suggested Citation: Suggested Citation