The Colorado law firm that is taking on Facebook over a data breach that affected millions of users is taking aim at another internet giant — Google Plus.

Franklin D. Azar & Associates, which advertises as “The Strong Arm,” filed a lawsuit this week in U.S. District Court of the Northern District of California over a breach that potentially exposed the personal information of hundreds of thousands of users. The firm, which is seeking class-action status for the lawsuit, claims Google knew for months about a software glitch in its social network Google Plus that exposed the data before making a public announcement Oct. 8.

In a blog post, Google said the data leak potentially affected up to 500,000 users and that “up to 438 applications may have used this API,” or application programming interface. The company said it found no evidence that any developers were aware of the glitch or that any information was were misused.

However, the lawsuit by Azar & Associates says Google’s records are insufficient to confirm whether any misuse occurred. The data breach has caused significant harm to the two Colorado residents listed as plaintiffs and others by allowing third parties to access their personal information without their consent, the lawsuit says.

“Google has been on notice of deficiencies regarding its policies involving the retention of user data since 2010” and agreed to a proposed settlement in March 2011 after that contained a consent decree with the Federal Trade Commission, according to the lawsuit.

Google plans to shut down the social network.

The lawsuit says the data breach violated laws in Colorado and California, where Google is based, regarding invasion of privacy, unfair business practices and breach of contract. The firm is seeking unspecified damages.

The claims are similar to those made by Azar & Associates in a lawsuit filed Oct. 11 against Facebook for a recent breach of its system that potentially exposed the personal information of about 30 million users.

Facebook has said hackers exploited a vulnerability in its “View As” feature, which lets people see what their own profile looks like to someone else. Attackers were able to steal Facebook access tokens, the equivalent of digital keys that keep people logged on so they don’t have to re-enter their Facebook password.

Both Facebook and Google have come under fire from Congress, which recently summoned social-media executives to testify about breaches of personal information.