(Photo by Flickr user Shop Catalog, used under a Creative Commons license)
State Attorney General Matt Denn — one of 41 attorneys general who signed a March letter to Facebook CEO Mark Zuckerberg stating that they will investigate whether the site’s data breach violated state laws — found that more than 200,000 people in Delaware alone may have had their personal data exposed to Cambridge Analytica and other third parties.
In a state with only 960,000 people, that’s no small number. Assuming every Delawarean had Facebook (and that’s not the case), there’d be a roughly 20 percent chance you were affected.
— AG Matt Denn (@DE_DOJ) May 4, 2018
From the Delaware Department of Justice:
The estimate of the possible extent of the data breach in Delaware came from responses by Facebook to questions posed by Attorney General Matt Denn’s office and other state attorneys general who are conducting investigations of the breach of personal privacy involving Facebook information. Global Science Research may have improperly shared Facebook information of up to 87 million users worldwide with Cambridge Analytica and other third parties, according to the company’s public disclosures.
In Delaware, Facebook estimated 902 users installed the app through which Global Science Research gained access to personal information of those users and of those users friends. Facebook estimated that up to 200,651 users in Delaware were friends with people on Facebook who had installed the app.
Facebook’s estimates provided to the attorneys general showed that approximately 196,000 Facebook users in the United States downloaded the app, but more than 46 million Facebook users in America were friends with someone who had downloaded the app, thus were potentially exposed.
The data shows how quickly a breach can spread on social media, where each user is interconnected with thousands of people through their friends — and friends of friends, etc.
Denn has said that he and other attorneys general will continue investigating Facebook.
What you can do about it
Want to see if your data has likely been shared with Cambridge Analytica?
Facebook has a tool that automatically checks whether you or your friends have used the “This is Your Digital Life” app connected to the breach: Try it here.
Of course, a clean result doesn’t necessarily mean your data is safe. There are a lot of apps out there, and sometimes people connect them to their Facebook accounts without even realizing it.
Deletion is a fix (if your data hasn’t already been compromised, of course). Still, Facebook data is generally stored for about 90 days after an account is deleted.
You can download a copy of your Facebook data from the Settings tab — click on the dropdown to the right of the Quick Help question-mark on the taskbar. The link, which has recently been made easier to find, will be at the bottom of your General Account Settings. For more info on accessing your Facebook data, click here.
You can also view your connected apps via the Settings sidebar, and delete as necessary. The DOJ suggests that you use a minimal number of third-party Facebook apps, and recommends that you do not use Facebook to sign in to other sites.