AG Alerts Pennsylvanians to Latest Facebook Data Breach

Attorney General Josh Shapiro today cautioned Pennsylvanians about the latest Facebook data breach – a hack that occurred last week that could have compromised user data and information from 50 million Facebook profiles.

The breach, which occurred on September 25 and was announced on September 28, was the largest in the company’s 14-year history. The hackers reportedly exploited a feature in Facebook’s code to gain access to user accounts and potentially take control of them.

“As my Bureau of Consumer Protection digs into this latest data breach at Facebook and investigates its impact on users across our Commonwealth, Pennsylvanians should take steps to protect themselves,” Attorney General Shapiro said. “Facebook users should log out of signed in accounts, change your passwords and, most importantly, remember – never give money or personal information to anyone requesting it online or over the phone.”

After the discovery of the hack last week, Facebook logged out more than 90 million users, forcing them to log back in with their credentials to avoid further access to any sensitive information by hackers. The investigation into the source of the hack and what information was accessed during the breach is ongoing.

Attorney General Shapiro provided the following tips for consumers on how to protect themselves from identity theft or other harm related to this type of hack:

  • Do not give money, financial or personal information to anyone requesting it through Facebook or another online social media platform without first independently verifying, preferably in-person, the identity of the individual and their reason for needing the information.
  • Always log out of Facebook when not in use.
  • Change your password, make sure it is strong and continue to change it every six months.
  • Enable log-in notifications in your profile settings to alert you any time a log-in occurs from a new device.
  • Do not accept friend requests from people you do not know. Even if you do know the individual, the profile could be fake.
  • Monitor your credit card, banking and other financial statements as you receive them for any suspicious charges.
  • Monitor your credit report by visiting the three major credit bureaus, Equifax, Experian and TransUnion. You can access your report for free once a year at each bureau.

In March, Attorney General Shapiro led a bipartisan coalition of 41 state Attorneys General in demanding answers from Facebook CEO Mark Zuckerberg following reports that data of at least 50 million Facebook profiles may have been misused by third-party software developers. The investigation later determined that 2,960,311 Pennsylvanians’ Facebook data was shared with Cambridge Analytica and other third parties.

If you believe you have been a victim of identity theft or feel that your personal information has been compromised, Attorney General Shapiro recommends you immediately:

  • Contact your local police.
  • Freeze or close all affected accounts.
  • Change your pin numbers and passwords to your accounts.
  • Report it to Office of Attorney General at 1-800-441-2555 and the Federal Trade Commission at 1-877-ID-THEFT.
  • Freeze your credit until you feel confident that the issue has been resolved and only unfreeze it when you are attempting to obtain new credit opportunities.
  • Contact the three major credit bureaus and place a “fraud alert” on your account: