The security issue exposed info of around 500K Google+ users

Oct 9, 2018 15:47 GMT

Helen Dixon, Data Protection Commissioner for Ireland, told Reuters that the Data Protection Commission would request information regarding the security issue which exposed the data of 500,000 Google+ users to developers of third-party apps.

As disclosed yesterday on the company's blog, a Google+ People API bug, which Google found in March 2018 and which was active between 2015 and March 2018, might have exposed personal info such as names, e-mail addresses, occupation, age, places lived, birthday, employers/organizations, and gender (as well as other less sensitive info) for 500,000 profiles.

The API security issue which led to the data leak incident was discovered during Project Strobe, an internal audit of third-party developer access to Google accounts and Android device data.

Google discovered the Google+ People API bug in March 2018, but the company chose not to disclose it publicly because it "found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused."

Google patched the API bug responsible for leaking info on 500K Google+ profiles but failed to report it to any data regulators

Furthermore, according to a Google memo leaked to The Wall Street Journal, "disclosing the incident would likely trigger 'immediate regulatory interest' and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica."

The Data Protection Commissioner for Ireland, Helen Dixon, expressed the Commission's interest in taking a closer look at the circumstances of the March 2018 Google security breach.

"The Data Protection Commission was not aware of this issue, and we now need to better understand the details of the breach, including the nature, impact, and risk to individuals and we will be seeking information on these issues from Google," said the Irish data regulator.

According to Google's blog post describing the security issue and Google+'s future shutdown, the bug was patched immediately after its discovery in March 2018.