Meta Fined €251m for 2018 Data Breach Affecting 29 Million Users
Meta, the parent company of Facebook, has been slapped with a €251m fine by the Irish Data Protection Commission (DPC) for a 2018 data breach that compromised 29 million user accounts. The breach, which occurred under the leadership of Mark Zuckerberg, exposed sensitive user information, including personal details and group memberships.
The breach, which took place in 2018, affected around three million EU-based accounts. It exposed a wide range of personal data, including full names, email addresses, phone numbers, locations, places of work, dates of birth, religion, gender, posts on timelines, group memberships, and even children's personal data. The DPC argued that the breach risked exposing sensitive user information, such as religious or political beliefs and sexual orientation.
Meta's failure to properly notify the breach, document it, follow data protection principles in system design, and limit data processing to necessary purposes led to the hefty fine. The company has been ordered to take immediate action to prevent similar incidents in the future.
The €251m fine, which is equivalent to around $263m, is one of the largest penalties imposed under the EU's General Data Protection Regulation (GDPR). Meta has accepted the penalty and is committed to improving its data protection measures to prevent future breaches. The company has been working closely with the DPC to address the issues raised and ensure compliance with data protection laws.
