Is this a Facebook data breach?

In a year already rife with stories about major cybersecurity exploits and breaches, a story that broke late last week continues the trend. On the evening of Friday, March 16, Facebook announced that it had suspended Cambridge Analytica, a data analytics firm that worked with the Trump campaign, from its platform. This news is just the latest development in a scandal that might be over a year old, but with the details of this incident coming to light all at once, it might be difficult for consumers to make sense of the entire story. That’s why in this post we’re breaking down the details surrounding the incident and placing them into a broader context. Continue reading to learn more about Cambridge Analytica and how this incident might have affected you.

What exactly happened?

Given the frequency of data breaches and privacy violations, the incident surrounding Cambridge Analytica’s access and use of Facebook user data might seem like it’s being overblown; however, it is a very big deal. To understand why, it’s important to explain what Cambridge Analytica is and how it accessed user data.

Cambridge Analytica, part of the Strategic Communications Laboratory (now known as the SCL Group), is a U.K.-based firm that specializes in using behavioral research to influence political campaigns. Through data mining, or mass collection of consumer data, the company helps its clients develop personally targeted messaging, communications and advertisements designed to appeal to both unique individuals and distinct groups of people. Cambridge Analytica, which had close ties to the Trump campaign – Stephen K. Bannon was a former vice president – worked directly with the campaign to develop psychological profiles and microtargeting techniques to advertise and appeal to likely Trump voters.

As part of this initiative, Cambridge Analytica worked with data scientist and Cambridge academic Aleksandr Kogan, who, with his company Global Science Research (GSR), created a Facebook quiz called “thisisyourdigitallife.” The quiz, which was created in 2014, was a personality test that gave users a personal prediction upon completion. Originally labeled a psychology research app gathering information for academic purposes, the app captured the data of hundreds of thousands of users for Cambridge Analytica. While test takers willingly gave up their information (though it’s worth noting GSR lied about the intent of the test), what makes this incident truly insidious is that the Facebook quiz was designed to harvest data not only from test takers, but also from friends of test takers. Due to the way Facebook managed user data in the past, it was very easy for data miners who created apps like thisisyourdigitallife to harvest information not only from the profiles they had access to, but also from profiles connected to the profiles of individuals who used these apps. This means that users who consented to have their data accessed might have also “consented” to have their friends’ and family’s data collected, too. Overall, GSR collected the data of 50 million users, even though only about 270,000 users took the quiz.

Although this is a massive and intentional grab of user data, this incident, as Facebook points out, is technically not a data breach or a hack. Still, that makes it no less alarming. Cambridge Analytica, a company whose ethics were under scrutiny before this incident, was able to legitimately access the data of millions of Facebook users without their consent and use the data under the ruse of a lie. What’s worse is that Facebook has known about this incident since 2015, and effectively didn’t react until recently. Additionally, given how relaxed Facebook’s standards around privacy were in the past, it’s entirely possible that this type of harvesting was common, though perhaps not at this scale.

Why is this news significant?

With Facebook already reeling from news about Russian actors abusing its platform for political purposes, this story definitely doesn’t help the company. Facebook’s stock has been deeply battered by the news, and the company is facing something resembling an existential crisis as the public questions how this incident happened and what role the platform currently plays in society. As an aside, it’s worth briefly mentioning that it’s not clear how Cambridge Analytica relates to Russian abuse of Facebook’s platform, if at all. Although the firm has been asked to turn over emails relating to the Trump campaign by Mueller’s investigation team, and although it’s known that Alexander Nix, the CEO of Cambridge Analytica, contacted WikiLeaks’ Julian Assange after the firm joined the Trump campaign, thus far, hard connections between Cambridge Analytica, the DNC hack and other Russian campaigns have yet to be established. However, the firm will, undoubtedly, face further scrutiny as time passes and more information becomes known.

Beyond the political web of intrigue and the standard concerns surrounding Facebook’s business model, the big reason this story matters is that it is yet another illustration of the perils that Internet users face when using online services. In our “Privacy in the Era of Mass Data Collection” post, we discussed at length the ecosystem surrounding consumer data, and we pointed out that sometimes when companies fail to protect user privacy, it’s intentional. With Internet users’ data being the new oil in an increasingly digital world, there’s a rush to digitize everything in order to collect and sell this information. This data can then be used against consumers in targeted psychological manipulation campaigns, as Cambridge Analytica attempted, in personalized pricing models or for other purposes. On the flip side, when companies don’t properly manage this data and fail to disclose who they’ve shared it with, it can be stolen by hackers and malicious actors who’ll use it to commit identity theft and other types of personalized harm.

What’s being done to address the situation?

Both Facebook and Cambridge Analytica are the subjects of a number of investigations. Currently, the FTC, as well as the states of New York and Massachusetts, are launching investigations into Facebook’s handling of the situation. Additionally, Cambridge Analytica is in the midst of at least one lawsuit, and both the U.K. parliament and U.S. Congress are calling upon individuals from both firms to testify. Because this story is still breaking, there are a lot more developments that will likely emerge in the coming days and even weeks, so make sure to follow the news and our data breach alerts blog.

Should I stop using Facebook?

Maybe you’ve previously entertained the idea of deleting your Facebook or going dark on all of social media, but should this be the final straw? If you think it should, you’re not alone, as the hashtag #deletefacebook is trending. While deleting your account might be cathartic, keep in mind that if you’re hoping to escape the reach of Facebook, sadly, there’s no way of completely doing so aside from ditching the Internet entirely. A less drastic alternative is to be mindful of the ways you use social media – something we’ve discussed before – or simply to reduce your usage. Ultimately, there are arguments for either deactivating your account or deleting it entirely, but it is very much a personal decision.

How can I protect myself, my friends and family?

If you decide to continue using the platform, keep these privacy tips in mind, as they’re integral to staying safe in a world designed exclusively to collect your data. On Facebook especially, you’ll want to be aware of privacy settings around things like geolocation. You’ll also want to make sure to set your individual posts and your profile privacy to their highest possible setting.

As a user of the web, you’ll not only have to make sure your accounts have the highest privacy and security settings, but you’ll have to be aware of events like the Cambridge Analytica scandal so that you can be alerted to potential threats to your privacy. To keep up with developing and ongoing tech news stories, continue reading our technology blog, where we detail the most important stories and how they affect you directly.