In another blow to embattled Facebook, British and US lawyers have launched a class action lawsuit against the social media giant, along with Cambridge Analytica and two other companies for allegedly misusing the data of over 87 million people.

The suit claims that Facebook failed to act responsibly when alerted to Cambridge Analytica’s misuse of Facebook user data, which is believed to have been used to affect the outcomes of the British EU Referendum and 2016 Presidential Election. It also comes as Facebook founder Mark Zuckerberg faces intense scrutiny in front of the US Congress (which we’ve blogged about here and Facebook’s share value plummets.

Lawyers leading the class action in the UK claim that Facebook has “effectively abused the human right to privacy… and then the fruits of that abuse are alleged to have undermined the democratic process”. The US legal team has vowed to hold Facebook accountable, bringing the suit under the US Stored Communications Act, which could reportedly see Facebook required to pay out more than USD70 billion in damages for the leaked profiles of citizens across the UK, US, Canada, India and Australia.

As the scandal continues to grow, and to bring attention to systemic weaknesses in Facebook’s access controls, the question must be asked – how many more (like Cambridge Analytica) have exploited these flaws in Facebook’s structure? Indeed, Facebook has confessed to another unrelated data leak affecting more than a billion profiles (see here), but has not provided any further information about this leak. Could it be that what has come to light in the past few weeks is just the tip of the iceberg?

Earlier this week we blogged about the Facebook tool for users to check whether their personal data has been caught in the Cambridge Analytica scandal. There’s been radio silence from Facebook about whether users will be informed if their data has been leaked in any other data breaches.