iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
A German court has ruled that those whose data was accessed and exfiltrated by cyber criminals in a 2018–2019 data breach are entitled to compensation.
On Monday (18 November), the German Federal Court of Justice (BGH) ruled that those affected by a loss of control of basic data are eligible to seek compensation without proving specific damages or financial impact.
The ruling has been made following a cyber incident in 2018 and 2019 where threat actors scraped the data of roughly 533 million users, including 6 million from Germany.
At the time, it was possible to search for users using their phone numbers. Using this technique, threat actors ran automated searches of millions of randomly generated phone numbers to scrape user data. This data was then leaked in April 2021.
When the incident first occurred, thousands of those in Germany affected sought compensation; however, the claims were rejected as the company had not been hacked, and users could not prove exact damages.
In one case, one user demanded a minimum of €1,000 (A$1,626) in compensation but was rejected by the higher regional court in Cologne.
Now, the BGH’s new decision sets a precedent that will mean these claims will need to be revisited.
While the BGH is not likely to pay the full €1,000 for the case above, it has said it would consider €100 as appropriate compensation as the damages aren’t specified.
The court also said that the lower court would need to decide whether users voluntarily consented to the use of their data and if Facebook was transparent about the terms of its use.
However, despite the ruling, Facebook’s parent company, Meta, has doubled down in its decision to not pay compensation following the incident.
Regarding the latest claim, a Meta spokesperson has said the ruling was “inconsistent with the recent case law of the European Court of Justice”, the highest court in the EU.
“Similar claims have already been dismissed 6,000 times by German courts, with a large number of judges ruling that no claims for liability or damages exist.
“Facebook’s systems were not hacked in this incident, and there was no data breach,” the spokesperson said.
Be the first to hear the latest developments in the cyber industry.
