CPM Files Shareholder Lawsuit Against Facebook Directors Following Massive Data Breach Impacting 50 Million Facebook Users
Cotchett, Pitre & McCarthy today filed a lawsuit on behalf of a Facebook shareholder in the Northern District of California, San Francisco Division, on behalf of the Company, and against several Facebook officers and directors, following the Company’s recent admission that data from 50 million Facebook users was improperly shared with third parties. The complaint alleges that Facebook’s senior management breached their fiduciary duties by failing to prevent the initial misappropriation and, after learning of it in 2015, failing to inform affected Facebook users or the public markets. Facebook lost $50 billion in market capitalization since the leak was disclosed. The Federal Trade Commission has also reportedly launched an inquiry into Facebook’s conduct and whether it violated the terms of a 2011 consent decree requiring Facebook to notify users before sharing their data with third parties.
On March 17, 2018, The New York Times and the Guardian reported that Cambridge Analytica obtained and used personal information of approximately 50 million Facebook users to build a system that could profile US voters and target those individuals with personalized advertisements. Yesterday, Facebook’s founder, Mark Zuckerberg, admitted that Facebook was informed of Cambridge Analytica’s inappropriate sharing of user data in 2015, but did not address why users and the public markets were not informed of the massive breach. Zuckerberg called the authorized sharing of data a “breach of trust” between Facebook and “the people who share their data with us and expect us to protect it.”
Mark Molumphy, a partner with Cotchett, Pitre & McCarthy, said: “Facebook’s apology doesn’t do much for the millions of Americans impacted by this conduct. It also doesn’t explain why Facebook executives waited three years to inform their loyal users and shareholders of the massive breach, especially on the heels of the FTC consent decree in 2011. This action seeks accountability from those entrusted to safeguard our personal information and who seem to pay only lip service to the privacy concerns of their users.”