Meta Faces €251 Million Fine Over 2018 Facebook Data Breach
In September 2018, a major security breach exposed personal data from over 50 million Facebook accounts, with around 3 million of those users based in EU countries. The breach involved unauthorized third parties exploiting user tokens on Facebook’s platform, allowing them to access sensitive information, including users’ full names, email addresses, phone numbers, places of residence, workplaces, dates of birth, religions, genders, posts, group memberships, and even data on their children.
Meta Platforms Ireland Limited (MPIL), along with its US parent company, swiftly addressed the issue upon discovering the breach. However, the Irish Data Protection Commission (DPC) has now imposed a hefty €251 million fine on Meta Ireland in response to the breach and its aftermath.
The fine is due to several failures in Meta’s handling of the situation. The company failed to provide all required details in its data breach notification, resulting in a €8 million fine. Additionally, MPIL did not properly document the breach’s facts and steps taken to remedy the situation, leading to another €3 million fine. The DPC also found that Meta failed to protect data protection principles during the design of its processing systems, resulting in a €130 million fine, and did not ensure that only the necessary personal data was processed, which led to a €110 million fine.
Meta is expected to appeal the fines, which further highlights ongoing concerns over data protection and privacy in the tech industry.