Meta hit with €251 million fine by EU privacy regulator over 2018 data breach

The European Union’s lead data privacy regulator has imposed a €251 million ($263.5 million) fine on Meta, the parent company of Facebook, for a security breach dating back to 2018. The incident compromised the personal data of 29 million Facebook users, including 3 million based in the EU and European Economic Area, according to Ireland’s Data Protection Commission (DPC).

The breach stemmed from a vulnerability in Facebook’s “View As” feature, which allows users to preview their profiles as others would see them. This flaw exposed sensitive personal information such as names, contact details, locations, workplaces, dates of birth, religious affiliations, gender, and even details about users’ children. The DPC’s Deputy Commissioner, Graham Doyle, said the breach posed a “grave risk of misuse” because of the type of data exposed.

Meta promptly fixed the issue after its discovery and notified the Irish regulator, as well as the affected users, at the time. In a statement, a Meta spokesperson emphasized the company’s swift action: “We took immediate measures to address the vulnerability, proactively informed those impacted, and worked closely with the Irish Data Protection Commission.”

The company has announced plans to appeal the fine, maintaining that it has since implemented a robust range of security measures to protect user data across its platforms.

The penalty adds to the growing list of fines Meta has faced under the EU’s stringent General Data Protection Regulation (GDPR), which came into effect in 2018. To date, the DPC has fined Meta nearly €3 billion for various violations, including a record €1.2 billion penalty in 2023, which the company is also contesting.

Written by Sophie Blake
