Meta, the parent company of Facebook, has been fined €251 million ($263 million) by the Irish Data Protection Commission (DPC) for a data protection failure that allowed hackers to access millions of Facebook accounts.
The breach, which occurred over a two-week period in 2018, was linked to a security flaw in Facebook’s video upload feature. Hackers exploited this vulnerability to gain unauthorized access to approximately 29 million accounts worldwide. The exposed personal data included email addresses, phone numbers, locations, and places of work.
Graham Doyle, head of communications at the DPC, criticized Meta for failing to incorporate adequate data protection measures during the platform’s design and development. “The failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals,” Doyle stated.
He added that the breach had created significant risks for users. “By allowing unauthorized exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”
Meta Ireland and its U.S. parent company addressed the breach shortly after discovering it in September 2018, reporting the incident to the DPC. However, the regulator found that the security lapse posed a serious threat to users’ data and warranted a substantial penalty.
This fine is the latest in a series of penalties imposed on Meta and other major tech firms as global authorities tighten their scrutiny of data privacy practices. In September, the DPC fined Meta €91 million for failing to implement sufficient safeguards to protect user passwords and for delaying the reporting of an issue to the regulator.
The Irish DPC plays a significant role in overseeing data privacy for EU citizens, as many major tech companies, including Meta, have their European headquarters in Ireland. The regulator has taken a leading position in enforcing the EU’s General Data Protection Regulation (GDPR), which imposes strict standards for handling user data.
Meta has faced increasing pressure from regulators globally to enhance its privacy measures and protect users’ personal information. The company has previously pledged to strengthen its security protocols and ensure greater accountability in its data protection practices.
This latest fine underscores the growing emphasis on holding tech giants accountable for data breaches that compromise user privacy, with regulators sending a clear message about the importance of robust data security.