Meta

Meta Fined $263M Over 2018 Security Breach

Meta has been fined €251 million (around $263 million) in the European Union for a Facebook security breach that affected millions of users, which the company disclosed back in September 2018, TechCrunch reported.

The penalty, issued on Tuesday by Ireland’s Data Protection Commission (DPC) enforcing the bloc’s General Data Protection Regulation (GDPR), is far from being the largest GDPR fine Meta has been hit with since the regime came into force over five years ago. Still, it is notable as it’s a substantial sanction for a single security incident.

The breach dates back to July 2017, when Facebook rolled out a video upload function that included a “View as” feature, which let the user see their own Facebook pages as they would be seen by another user.

On Tuesday, the Irish regulator issued its final decisions on two inquiries it had opened into the 2018 incident: One decision covers Meta’s breach notification, as the GDPR requires prompt and comprehensive reporting of major security incidents, while the other concerns rules on data protection by design and default.

The Irish Data Protection Commission fines Meta €251 million. From the press release:

The Irish Data Protection Commission (DPC) has today announced its final decisions following two inquiries into Meta Platforms Ireland Limited (‘MPIL’). These own-volition inquiries were launched by the DPC following a personal data breach, which was reported by MPIL in September 2018.

This data breach impacted approximately 29 million Facebook accounts globally, of which approximately 3 million were based in the EU/EEA. The categories of personal data affected included: user’s full name; email address; phone number; location; place of work; date of birth; religion; gender; posts on timelines; groups of which a user was a member; and children’s personal data. 

The breach was remedied by MPIL and its US parent company shortly after its discovery.

Reuters reported: The lead European Union data privacy regulator for Meta fined the social media giant 251 million euros ($263.5 million) on Tuesday for a 2018 Facebook security breach that affected 29 million users.

Meta notified Ireland’s Data Protection Commission at the time that cyber attackers had exploited a vulnerability in Facebook’s code that impacts the “View As” feature that lets users see what their own profile looks like to someone else.

Meta remedied the breach shortly after its discovery, DPC said. Of the 29 million Facebook accounts impacted globally, about 3 million were based in the EU and European Economic Area.

The DPC is the lead EU regulator for most of the top U.S. Internet firms due to the location of their EU operations in Ireland.

In my opinion, it seems like the DPC is displeased with Meta’s inability to prevent Facebook users from being hacked by cyber attackers.