Oct 9 (Reuters) - Ireland’s data protection regulator said on Tuesday that it would seek more information from Alphabet Inc’s Google regarding a security issue that may have exposed the data of at least 500,000 users to hundreds of external developers.
Google said on Monday it would shut down the consumer version of its social network Google+ and tighten its data sharing policies after a “bug” potentially exposed user data that included name, email address, occupation, gender and age.
The issue was discovered and patched in March as part of a review of how Google shares data with other applications. No developer exploited the vulnerability or misused data, the company’s review found.
“The Data Protection Commission was not aware of this issue and we now need to better understand the details of the breach, including the nature, impact and risk to individuals and we will be seeking information on these issues from Google,” the Irish regulator said.
The Wall Street Journal had reported earlier on Monday that Google opted not to disclose the security issue due to fears of regulatory scrutiny, citing unnamed sources and a memo prepared by Google’s legal and policy staff for senior executives.
Google does not yet have a lead EU Supervisory authority, as the breach apparently happened before the EU’s new privacy law, the General Data Protection Regulation (GDPR), was implemented. As a result all EU data protection authorities have jurisdiction to engage with Google on the breach.
Google did not immediately respond to Reuters request for comment. (Reporting by Arjun Panchadar in Bengaluru; Editing by Shailesh Kuber)