A glitch in the Google+ social network exposed the personal data of hundreds of thousands of users between March 2015 and this spring, The Wall Street Journal reports. Though serious, the breach was relatively small—especially compared to Facebook’s Cambridge Analytica scandal, which involved tens of millions of users. In this case, Google+’s unpopularity—a rare, high-profile embarrassment—is finally something of a boon.
But the real scandal here isn’t the breach itself. It’s Google’s response. The company did not disclose the vulnerability and exposure of data because it feared that it would lead to negative press coverage and regulatory scrutiny. “A memo reviewed by the Journal prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger ‘immediate regulatory interest’ and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica,” the Journal reports. Google CEO Sundar Pichai was “briefed on the plan not to notify users.”
Google released a statement after the story was published announcing that it was shutting down Google+, but denying that any data was used improperly, a la Cambridge Analytica. “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.” It’s possible that Google was looking to avoid drawing attention to its larger record on user privacy. During the Cambridge Analytica scandal, many argued that Google’s privacy abuses were as bad, if not worse than Facebook’s. And Google drew bipartisan criticism for skipping a congressional hearing about social media and misinformation in September.