Facebook founder and CEO Mark Zuckerberg had trouble Wednesday reassuring Rep. Jan Schakowsky that the data breach of user information was limited to Cambridge Analytica.
“You said yesterday that [Aleksandr] Kogan also sold data to other firms. You named Eunoia Technologies. How many are there total and what are their names? Can we get that?” the Illinois Democrat asked Zuckerberg during a House Energy and Commerce Committee hearing.
Kogan was a researcher who developed the personality app that allowed British-based data firm Cambridge Analytica to improperly obtain the information of more than 87 million Facebook users — a revelation that has forced Zuckerberg to do damage control on Capitol Hill this week.
When pushed by Schakowsky on Wednesday, Zuckerberg admitted Kogan had given the data to other firms.
“We can follow up with you to make sure you get all that information,” he said.
Schakowsky demanded to know the “magnitude” of the breach.
“I don’t believe it was a large number, but as we complete the audits, we will know more,” Zuckerberg said, before admitting it was “a handful.”
Zuckerberg told Schakowsky Facebook asked the companies to delete the user data in 2015, but that they might not have done so despite saying otherwise.
“In 2015, when we first learned about it, we immediately demanded that the app developer and the firms that he sold it to, delete the data. And they all represented it to us that they had. It wasn’t until about a month ago that new reports surfaced that suggested that they hadn’t, which is what has kicked off us needing now go do this this full audit and investigation and investigate all these other apps that have come up,” he explained.
Zuckerberg said the audits into every app on Facebook, as well as the firms that could have the data, needs to be done before he can “stand up here confidently and say what they’ve done.”
The audit of the apps — “tens of thousands” — could take “many months,” he said.
“There are tens of thousands of apps that had large amounts of people’s information before we locked down the platform in 2014,” Zuckerberg said, adding that if users’ data was misused, they will be banned from using Facebook.
The Guardian and Observer revealed last month that Facebook sent a letter to Cambridge Analytica in 2015 asking them to delete the user data they improperly obtained. However, Facebook did not audit Cambridge Analytica after the letter to ensure the data was deleted.
[Related: 9 key moments from Mark Zuckerberg’s testimony on Capitol Hill]
