Just to give a bit of background on the Kogan breach and Facebook, we took evidence in Washington from Facebook in February. We asked them about whether there had been data breaches, whether Cambridge Analytica had acquired large amounts of Facebook user data, and when there'd last been a breach. We didn't get answers on any of those issues. The company knew about this issue at the time. It didn't disclose it to us. They're not able to explain now why that was the case. With Mike Schroepfer, we asked about that at length when he gave evidence to us last week.
We find all of that deeply concerning, because I think what would have been an honest answer to those questions would have been to say, “Yes, we are aware of breaches by developers. This is what happened. This is the action we took. This is what we do to satisfy ourselves that this has been contained.”
Mark Zuckerberg was asked in Congress about other developers doing similar things. We asked Mike Schroepfer about this last week. There are still no answers from Facebook about that. I think the concern we share is that if it was so easy for Dr. Kogan to do this work, probably lots of other people could have done it too. And who else did it? Did Dr. Kogan work with other people? Did other people share those techniques? Was this practice quite widespread?
It wouldn't at all surprise me, in that regard, that there could be a black market in this sort of user data. I have not seen evidence of it yet myself, but if people like Sandy Parakalis are telling us that a huge amount of data was taken and no one knows what happened to it, then it wouldn't be at all surprising if it were being traded in that way.