Facebook has responded to a letter sent by the South African department of justice’s Information Regulator, confirming that 96,134 local users were affected by theCambridge Analytica data breach.
The data was obtained through an app called “thisisyourdigitallife”, a personality test which was developed by Cambridge University academic Aleksandr Kogan.
Facebook users who used the app shared information about their Facebook friends in the process, resulting in the data of people being collected.
“We understand that 13 people in South Africa installed the app throughout its lifetime on the Facebook Platform (i.e., from November 2013 when the app went live to no later than 17 December 2015), which is 0.004% of the app’s total worldwide installs,” a Facebook spokesperson said.
“We further understand that 96,121 people in South Africa were affected, as friends of people who installed the app that did not install the app themselves.”
The number of affected users thus totals 96,134 – up quite a bit from the initial reports of 59,777 South African users, when news of the data breach first broke. However, the number of South Africans that installed the app was found to be lower than the 33 initially reported.
In its response to the Information Regulator, Facebook said that its analysis of the breach was still ongoing, and the reported figures may be over- or under-stated, depending on how the parties involved shared the data.
However, it said it was proactively contacting those affected, and has also implemented several policy changes around privacy and data sharing to better equip users to handle their personal information.
The Information Regulator wrote to Facebook to establish how the breach occurred, the full extent of the breach, and what security measures have been put in place to prevent such a breach from happening again.
It also requested that Facebook inform all South Africans that have been affected by the breach.
According to the regulator – taking into account other recent data breaches, like the Masterdeeds breach of October 2017 – it has has agreed to set up a special task team to tackle investigations around such breaches.
The task team will include representatives of the SAPS (specifically, the Hawks), the National Credit Regulator, and the Association of Credit Bureaus, among other government departments.