An Irish regulator, overseeing data privacy in the European Union, announced on Tuesday that it had imposed a €251 million ($263 million) fine on Meta, the owner of Facebook, due to a data protection failure that led to hacking of Facebook accounts.
The Data Protection Commission (DPC) criticized Meta for a security vulnerability in its video upload feature, which hackers exploited to gain full access to users’ Facebook profiles. Over a two-week span in 2018, unauthorized individuals were able to hack approximately 29 million Facebook accounts globally.
The compromised data included personal details such as email addresses, phone numbers, locations, and employment information.
Graham Doyle, the DPC’s head of communications, stated, “Failure to integrate data protection measures during the design and development phase can expose individuals to serious risks, including threats to their fundamental rights and freedoms.” He further noted that the breach’s vulnerabilities significantly increased the risk of misuse of the exposed data.
Meta Ireland and its parent company in the US addressed the issue soon after it was discovered and reported it to the DPC in September 2018.
This fine is part of a series of penalties imposed on Meta and other tech companies as global regulators continue to scrutinize the practices of major social media platforms. In September, the DPC had fined Meta €91 million for mishandling users’ password data and for delays in informing the regulator about the issue.
