Sophie Blake
Meta has been fined €91 million ($101.5 million) for improperly storing user passwords without adequate protection. The fine, issued by Ireland’s Data Protection Commission (DPC), highlights the ongoing scrutiny of tech giants under the EU’s stringent General Data Protection Regulation (GDPR).
The investigation began five years ago after Meta disclosed to the DPC that some users’ passwords had been stored in plaintext, a serious security lapse that left the data vulnerable to potential misuse. Although Meta publicly acknowledged the mistake at the time, the DPC emphasized the importance of encrypted password storage to prevent unauthorized access. According to Deputy Commissioner Graham Doyle, “User passwords should never be stored in plaintext due to the high risk of abuse if accessed.”
Meta quickly responded to the issue when it was identified during a 2019 security audit. A company spokesperson stated that immediate action was taken to rectify the problem and that there was no evidence of any improper access or misuse of the exposed passwords. Throughout the investigation, Meta engaged cooperatively with the DPC, aiming to address the regulatory concerns and prevent future security lapses.
While Meta has been fined multiple times under the GDPR since its inception in 2018, this penalty marks the latest in a series of actions by the DPC. With this most recent fine, Meta’s total fines now exceed €2.5 billion, including a record-breaking €1.2 billion penalty in 2023, which the company is actively appealing. As the lead regulator for many U.S. tech companies operating in the EU, Ireland’s DPC remains at the forefront of enforcing GDPR compliance, ensuring that privacy and data security remain a top priority for these global firms.
Comments
Loading…