Facebook - data breach

Are you affected by the Facebook data breach?

rauten-rand

Then secure your compensation claim here!

What happened at Facebook:

In April 2021, Facebook experienced a data breach that exposed the personal information of millions of users. Unknown people managed through so-called "scraping", i.e. the mass, automated collection of Facebook profiles to collect personal data of the users.

Which data was leaked:

According to our documented research and a comparison with Facebook's relevant terms of use, the publication of the data is still not lawful, even if Facebook's statements regarding the data protection incident were true.

The data protection incident particularly affected the following personal data:

protectra-raute
Facebook ID
protectra-raute
Full name
protectra-raute
Gender
protectra-raute
Email addresses
protectra-raute
Address data
protectra-raute
Place of birth
protectra-raute
Unstructured data
protectra-raute
Relationship status
protectra-raute
Employer
protectra-raute
Phone number
protectra-raute
Date of birth

What you can do:

Fill out our form, and we will handle your compensation claim in exchange for a success-based fee of 25% of the enforced claim (success fee). This means you bear no cost risk.

How it works:

You hand over your problem to us by filling out the following form.

We take care of enforcing your rights by bundling claims together.

Report SMS spam

If you are receiving increased spam as a result of the Facebook data protection incident, you can report this phone number misuse via the complaint form provided by the Federal Network Agency.

Assert your claims now

By authorizing us to enforce your compensation claims against Facebook, we stand by your side as your partner. We will guide you step by step through the entire case, up to and including court enforcement if necessary, with regular updates, and are available by phone to assist you.

The data collected during the order process is used for contract execution, namely to inform you about your ongoing matters, as well as to provide updates on developments in other cases in the fields of consumer and data protection law. You can object to the use of your email address for information purposes beyond your specific case at any time, without incurring any costs other than the transmission costs according to the basic rates.

Engagement on a Success Fee Basis (Assignment for Collection):

FAQ - data breach

Do you have questions?
We have answers.

The risk posed by a data breach depends on the leaked data. Depending on the information disclosed, there may be an increased potential for spam when email addresses are leaked, misuse of exposed passwords, Trojan emails, social engineering, and phishing attacks. The risks increase the more data is available to the sender. As a result of a data protection incident, there is a tangible risk of financial damage, such as through the misuse of credit card data or identity theft leading to fraudulent commitments at the expense of the affected individual. If location data is involved, the leaked information may also be used to create movement profiles of those affected. The risk of becoming a victim of extortion or threats also increases, particularly when sensitive data is involved. Especially concerning sensitive categories of personal data such as political beliefs, union membership, sexual orientation, or health data, there is an increased interest in deciding who learns such details.

With the support of Protectra, which consolidates and enforces the claims of affected individuals. Particularly advantageous for those affected: According to Article 82(4) GDPR, both the data controller and any processors involved in the processing may be held jointly and severally liable for violations. Additionally, Article 82(3) GDPR significantly eases the enforcement of claims because the data controller must prove the proper handling of personal data:

"The controller or the processor shall be exempt from liability under paragraph 2 if it proves that it is not in any way responsible for the event giving rise to the damage."

In addition to the right to information and injunctive relief, affected individuals are entitled to compensation under Article 82 GDPR. This covers both material damages (e.g., expenses for changing an email address) as well as non-material damages. The latter includes compensation for tangible disadvantages due to objectively understandable impairments of personal matters that carry a certain weight.

 
 

Both Art. 82 para. 1 GDPR and § 83 para. 2 BDSG provide for compensation for non-material damages. Since December 2023, the European Court of Justice (ECJ) has defined the conditions under which compensation claims apply in a series of rulings (C-340/21, C-456/22, C-667/21, C-300/21, C-182/22, C-189/22, C-200/23) in favor of individuals whose personal data was unintentionally published. The Federal Court of Justice (BGH) has now ruled in its leading decision on the scraping incident at Facebook that the mere loss of control over personal data can constitute damage within the meaning of Art. 82 GDPR, and there is no need to prove additional concerns or fears.

As soon as there are updates, we will inform you about the status of your case in our "Blog on Data Protection Scandals and Other Small Matters" section on our homepage. We kindly ask that you refrain from inquiries in the meantime. In a relatively new legal field without consistent case law, it is not uncommon for the completion of a single instance to take a considerable amount of time (sometimes over a year).

Protectra, our opponents, or the legal protection insurance.

As a data processor, Facebook is generally obligated under Art. 34 GDPR to inform affected individuals about a data breach, especially when it involves a "likely high risk to the personal rights and freedoms" of the affected individuals. Facebook argues that the obligation to inform was waived because subsequent measures were taken to ensure that the risk no longer persisted.

In leading decisions, the Federal Court of Justice (BGH) decides on fundamental legal questions, even if the procedure has already been completed. Typically, in a large number of civil lawsuits with similar factual circumstances (such as the dispute over the Facebook data breach), the same decisive legal questions arise, which the BGH clarifies at the highest judicial level. This allows lower courts in similar cases to make swift decisions based on this leading decision.

In the oral hearing on November 11, 2024, the BGH stated that the mere loss of control over personal data can constitute damage within the meaning of Art. 82 GDPR, and that there is no need to prove additional concerns or fears.

Scroll to Top