Meta fined €251 mn over data breach affecting Facebook

The Irish Data Protection Commission (DPC) has announced decisions on two investigations into Meta Platforms Ireland (MPIL) related to a 2018 data breach affecting 29 million Facebook accounts globally, including 3 million within the EU/EEA. The breach exposed personal data, including names, emails, phone numbers, and sensitive profile information such as religion and political beliefs.

Following the breach caused by the exploitation of user tokens on Facebook’s platform, the DPC levied administrative fines totaling €251 million and issued reprimands for multiple violations of the General Data Protection Regulation (GDPR).

Key Findings and Fines:

Decision 1:

Article 33(3) GDPR: Failure to provide complete breach notifications. MPIL was fined €8 million.

Article 33(5) GDPR: Inadequate documentation of breach facts and remedial actions. MPIL was fined €3 million.

Decision 2:

Article 25(1) GDPR: Failure to integrate data protection principles into system design. MPIL was fined €130 million.

Article 25(2) GDPR: Failure to ensure only necessary personal data was processed by default. MPIL was fined €110 million.

Breach Details:

The breach arose from Facebook’s “View As” feature and a video upload tool, allowing attackers to exploit user tokens and access profiles. Unauthorized access occurred from September 14 to 28, 2018, exposing personal data of millions. Facebook identified the vulnerability following unusual activity and disabled the feature.

Deputy Commissioner Graham Doyle emphasized the importance of embedding data protection throughout development processes, stating:

“This enforcement action highlights how failure to build in data protection requirements can expose individuals to serious risks, including violations of fundamental rights. The unauthorized exposure of sensitive profile data presented a grave risk of misuse,” Graham Doyle said.

In October, the Data Protection Commission (DPC) imposed a fine of €91 million following an inquiry into Meta Platforms Ireland. Meta Platforms had inadvertently stored certain passwords of social media users in ‘plaintext’ on its internal systems.
