Google exposed user data, chose to not disclose it
Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the incident and documents reviewed by The Wall Street Journal.[...]A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google's legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger "immediate regulatory interest" and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica.
Data leaks and breaches happen. They are a fact of life we're pretty much forced to accept. However, how one handles such a leak sets the willfully malicious apart from those who have the best interests of their users at heart. From Google's response - or lack thereof - to this incident we can clearly deduce to which group Google belongs.
This breach is the reason Google announced the sunsetting of the consumer-facing side of Google+ today.