Google has decided to shut down its social media website Google+ after a massive data breach which potentially exposed data of over 500,000 users. Google has since decided to shut down the network for consumers.
The company said it didn’t report the breach partly due to fears of regulatory scrutiny. This comes from the Wall Street Journal who cited unnamed sources and internal documents. Google said the bug hasn’t affected the personal data but is investigating the issue. Google found the issue with their API back in March but chose to ignore it and not report it to the regulatory bodies. This is in direct voliation of GDPR which says that any data breach should be reported within 72 hours.
Google said a glitch in the social site gave outside developers potential access to private Google+ profile data between a major redesign in 2015 and March 2018, when internal investigators discovered and fixed the issue.
None of these thresholds were met in this instance,” it said. “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.
Wall Street Journal also reported that Google Chief Executive Officer Sundar Pichai was briefed on the plan not to notify users as it would result in an immediate regulatory interest. Since now the breach has been reported, it would be interesting to see how the regulatory bodies respond to this.