Meta hit with $263m fine over 2018 Facebook data breach

3 days ago 3

  • Meta has been hit with a €251 million GDPR fine
  • Punshment follows Facebook data breach incident in 2018
  • Ireland's Data Protection Commission is yet to collect many of the fines

Meta has received yet another GDPR fine, with the parent company of Facebook, Instagram and WhatsApp facing a €251 million (around $263 million) hit following a 2018 data breach which exposed around 29 million Facebook accounts globally, 3 million of which were EU-based users.

Ireland’s Data Protection Commission (DPC) has been one of Europe’s leading regulatory bodies when it comes to holding tech firms to account, handing out huge penalties for GDPR violations, including the largest ever GDPR fine, a $1.3 billion charge, also against Meta, for data handling.

The most recent violations refer to the attack in which malicious actors used the ‘view as’ feature, which ordinarily allows users to see what their account looks like to their friends and family, to steal access tokens in order to take over the users account.

Millions of users affected

Of the users whose tokens were stolen, 15 million had their phone numbers and email addresses exposed, and a further 14 million also had their usernames, gender, relationship status, and location check-ins accessed. One million lucky users targeted had no data stolen.

Following the breach, the DPC found Facebook infringed GDPR by not including enough information in its breach notification, failing to properly document the facts of the incident. The DPC also found the company failed to ensure the data protection principles were protected, and that Facebook had failed in its ‘obligation as controllers’ to ensure that only necessary personal data is processed.

“This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals,” said DPC Commissioner Graham Doyle.

This may seem like a hefty fine, and it is, but the reality of these GDPR fines is not quite what it seems. So far, only 1% of these DPC fines have been collected, so there's a chance this fine could also get tied up in the appeals process indefinitely.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

You might also like

Read Entire Article