A significant fine of 251 million euros has been imposed on Meta, the parent company of Facebook, Instagram, and WhatsApp, by the Irish Data Protection Authority (DPC). This decision follows two investigations into Meta Platforms Ireland Limited (MPIL) that were initiated after a major data breach in 2018, which affected 29 million Facebook accounts, including three million within the European Union (EU).
The compromised data included sensitive information such as full names, email addresses, phone numbers, locations, workplaces, dates of birth, religions, genders, timeline posts, group memberships, and even children’s personal data.
Unauthorized Third-Party Access
The data breach occurred due to the exploitation of Facebook username tokens by unauthorized third-party agents. Although MPIL and Meta took swift action to remedy the situation, the incident highlights the importance of incorporating data protection measures throughout the design and development process.
The Irish regulator emphasized that the failure to do so can expose individuals to serious risks and harm, including the potential misuse of sensitive information. Facebook profiles often contain personal data that users may only want to disclose in specific circumstances, making the unauthorized exposure of this information a serious concern.
This is not the first time Meta has faced a significant fine in Ireland. In May 2023, the company was fined 1.2 billion euros for violating data privacy, the largest penalty imposed in the European Union to date.