Up to 11 million UK accounts recently saw personal information published online

Credit: Sarah Marshall/CC BY 2.0

A government minister has encouraged citizens concerned about the recent leak of personal data gained in a major breach of Facebook to visit the Have I Been Pwned? website to check whether they have been affected.

Data from a reported 533 million users was gained from the social network up to 2019 via data scraping – an automated process through which information is extracted from websites and typically imported into local files, such as spreadsheets.

This data, understood to largely comprise phone numbers, was recently published online. About 11 million UK Facebook account holders are understood to have been affected.

Minister for media and data John Whittingdale indicated that the government’s advice for those who are concerned that their information may have been leaked is to visit HIBP – a website set up to allow people to check if and when their personal data has been compromised in a data breach. Visitors to the site can enter their email address and phone number and see all the breaches in which these details have been posed. 

Related content

• Dowden: ‘The idea that free speech can be switched off by a button in California is unsettling’
• Digital secretary meets with Australian counterpart over Facebook face-off
• Online harms law could see social networks fined billions of pounds

Whittingdale said: “The National Cyber Security Centre recommends that members of the public who are concerned that their email and/or phone number may have been leaked in the 2019 breach and any other data breaches should check the website https://haveibeenpwned.com. This website has been supported by the National Cyber Security Centre in the past.”

The Facebook breach is now the subject of an inquiry by Ireland’s Data Protection Commission, which last week announced the launch of an official probe.

“The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data,” it said.

The data minister, who was speaking in answer to a written parliamentary question from shadow digital minister Chi Onwurah, said that UK regulators will assist with the probe.

“The Information Commissioner’s Office continues to work with and support its Irish counterpart to ensure that the data of UK citizens is protected,” he said. “The government has made it clear that all organisations, especially large global tech firms who process vast amounts of personal data, must comply with the UK’s data protection legislation, which poses strict obligations on organisations to ensure that UK citizens’ data is processed safely, securely and transparently. Organisations which fail to comply with the legislation may be investigated by the Information Commissioner’s Office and subject to increased fines.”