Meta fined €265m by Irish privacy watchdog
Ireland’s Data Protection Commission (DPC) has issued Facebook-parent Meta a fine of €265 million, alongside a set of corrective measures, after the platform failed to prevent hackers from stealing personal information of around 533 million Facebook users in a data breach that occurred in 2019.
The Irish regulator launched an enquiry into the data leak after media reports discovered that the data, taken from more than 100 countries, had been made available online.
According to Facebook, an ‘old’ bug that was fixed back in 2019 may have caused the leak, and malicious actors had scraped the data using the social media platform’s contact importer tool before September 2019.
The enquiry led to an examination of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta between 25 May 2018 and September 2019.
Personal data such as full names, phone numbers, gender, date of birth, relationship status and email addresses were exposed. Among the countries affected, Egypt (44 million records), Tunisia (39 million), the USA (32 million) and the UK (11 million) had the most data stolen.
The DPC claimed that Meta violated both Article 25(1) and Article 25(2) of the GDPR rules.
“Because this data set was so large, because there had been previous instances of scraping on the platform, where the issues could have been identified in a more timely way, we ultimately imposed a significant sanction,” said data protection commissioner Helen Dixon, cited by Computing.
“The risks are considerable for individuals in terms of scamming, spamming, smishing, phishing and loss of control over their personal data so we imposed a fine of €265 million in total.”
All data protection supervisory authorities within the European Union (EU) that operated with the Irish regulator during the enquiry process agreed with the decision of the DPC.
Meta has now been asked to bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe.