Google did not disclose security bug because it feared regulation, says report
• Google discovered a software bug that gave third-party developers access to the private profile data of users of its Google+ social network.
• In response, Google will shut down the consumer functionality of the service over the next ten months.
• The Wall Street Journal reports that Google didn’t disclose the breach when it first discovered it in March to avoid regulatory scrutiny and reputational damage.
Google did not initially disclose a Google+ security bug when it first discovered it this spring because it feared regulatory scrutiny and reputational damage, according to a Wall Street Journal report citing documents and people briefed on the incident.
Google wrote in its own blog post on the incident that it determines when to notify users about privacy and security bugs based on the type of data involved, whether it can accurately identify who to inform, whether there is evidence of misuse, and whether there is any action that a user can take in response, and that based on that criteria it didn’t immediately alert users of the Google+ bug.
However, a memo prepared by Google’s legal and policy staff and seen by the Journal shows that leadership was also concerned about causing a potential privacy scandal. The memo allegedly warned senior executives that news of the bug would cause “immediate regulatory interest” and draw comparisons to Facebook’s Cambridge Analytica data scandal.
Google did not disclose security bug because it feared regulation, says report
Google discovered a software bug that gave third-party developers access to the private profile data of users of its Google+ social network.
In response, Google will shut down the consumer functionality of the service over the next ten months.
The Wall Street Journal reports that Google didn’t disclose the breach when it first discovered it in March to avoid regulatory scrutiny and reputational damage.
Jillian D’Onfro | @jillianiles
Published 12:49 PM ET Mon, 8 Oct 2018 Updated 7:55 PM ET Mon, 8 Oct 2018
CNBC.com
PLAY VIDEOGoogle did not initially disclose a Google+ security bug when it first discovered it this spring because it feared regulatory scrutiny and reputational damage, according to a Wall Street Journal report citing documents and people briefed on the incident.
Google wrote in its own blog post on the incident that it determines when to notify users about privacy and security bugs based on the type of data involved, whether it can accurately identify who to inform, whether there is evidence of misuse, and whether there is any action that a user can take in response, and that based on that criteria it didn’t immediately alert users of the Google+ bug.
However, a memo prepared by Google’s legal and policy staff and seen by the Journal shows that leadership was also concerned about causing a potential privacy scandal. The memo allegedly warned senior executives that news of the bug would cause “immediate regulatory interest” and draw comparisons to Facebook’s Cambridge Analytica data scandal.
— Read on www.cnbc.com/2018/10/08/google-reportedly-exposed-private-data-of-at-least-hundreds-of-thousands-of-plus-users.html