Meta faces a fine of USD 275 Million (265 million Euros) from Ireland’s Data Protection Commission following the April 2021 data leak, which saw the personal information of over 533 million users leaked.
The Irish Data Regulator began investigating the leak shortly after the story about the threat to users’ data security and privacy broke. The organization has investigated whether Meta’s data security management policies adhered to the European GDPR (General Data Protection Regulation) laws.
The Fine Stems from a Huge Data Leak Exposing Sensitive Data of Millions of Facebook Users.
The leaked information in April exposed millions to
data security threats by exposing the complete names, locations, phone numbers, emails, marital status, and dates of birth of 533 million users of the platform from 2018 to 2019.
When news of the leak emerged, Meta claimed that the stolen information was accessed through a vulnerability that had already been identified and fixed in 2019.
How Was the Data Stolen By Threat Actors During the 2019-19 Data Breach?
The data leaked by the threat actors were “old data” stolen through the act of “phone number enumeration” using a contact importer. This allowed hackers to upload a huge amount of phone number data to find matches on the site. Meta ceased allowing users to retrieve data using their phone numbers later that year.
The firm has also released statements and blog posts detailing the security processes now in place to remove the possibility of data scraping by threat actors on their platform.
The DPC has Levied Several Multi-Million Dollar Fines Against Meta Platforms Facebook, Instagram, and WhatsApp.
This latest fine marks the third occasion this year that the DPC has fined the social media giant for its data security and privacy practices.
- In March of this year, Meta faced a fine of USD 18.6 million in relation to lousy record-keeping and security practices uncovered during an investigation into a 2018 data breach. The breach exposed the sensitive information of approximately 30 million users of Facebook.
- September 2022 saw another fine of 402 Million EUR levied against Meta due to the data security practices of the photo-sharing site Instagram regarding the information they held on teenage users. The platform was criticized for displaying the contact information of teenagers on the pages of those holding business accounts.
This latest fine makes almost $700 million that the DPC has to find Meta this year.
And this is not the first year that the social media organization has run afoul of Ireland’s Data Protection Commission. In 2021 Meta faced a fine of USD 267 million when WhatsApp was found to have violated European data security and privacy laws.
Along with this latest fine, the DPC has ordered Meta’s Irish organizational wing to ensure that it follows the future European data security and processing laws.