Meta, the parent company of Facebook, has been fined 251 million euros ($263.5 million) by the European Union’s data privacy regulator for a security breach that occurred in 2018. The breach, which impacted 29 million Facebook users globally, exposed sensitive personal information.
The Irish Data Protection Commission (DPC), the lead EU regulator for Meta, revealed that the breach occurred due to vulnerabilities in Facebook’s “View As” feature. This feature allows users to see how their profile appears to others. Cyber attackers exploited this flaw, leading to unauthorised access to personal data.
The compromised information included users’ full names, contact details, locations, workplaces, dates of birth, religions, genders, and even their children’s personal details, reports Reuters.
Also read: EU levies over Rs 7,000 crore fine on Meta over abusive practices on Facebook Marketplace
DPC Deputy Commissioner Graham Doyle emphasised the seriousness of the breach, stating, “By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”
Meta identified and fixed the issue soon after it was discovered in 2018. The company also informed the affected users and reported the incident to the Irish DPC. A spokesperson for the company said, “We took immediate action to fix the problem as soon as it was identified, and we proactively informed people impacted as well as the Irish Data Protection Commission.” Of the 29 million impacted accounts, approximately 3 million belonged to users in the European Union and the European Economic Area.
Since the implementation of the General Data Protection Regulation (GDPR) in 2018, Meta has faced nearly 3 billion euros in fines for various data protection violations. This includes a record-breaking 1.2 billion euro fine earlier in 2023, which Meta is currently appealing.
Also read: Google, Meta, TikTok under pressure to pay for news or face financial penalties
As privacy concerns continue to grow, this latest fine serves as a reminder of the critical importance of safeguarding user data in today’s digital world.