Finance
EU privacy regulator fines Meta 251 million euros for 2018 breach
Global Banking & Finance Review®
Company
DUBLIN (Reuters) -The lead European Union data privacy regulator for Meta fined the social media giant 251 million euros ($263.5 million) on Tuesday for a 2018 Facebook security breach that affected 29 million users.
DUBLIN (Reuters) -The lead European Union data privacy regulator for Meta fined the social media giant 251 million euros ($263.5 million) on Tuesday for a 2018 Facebook security breach that affected 29 million users.
Meta notified Ireland’s Data Protection Commission at the time that cyber attackers had exploited a vulnerability in Facebook’s code that impacted the “View As” feature that lets users see what their own profile looks like to someone else.
That led to a breach in personal data including users’ full name, contact details, location, place of work, date of birth, religion, gender and their children’s personal data, the DPC said.
“By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data,” DPC Deputy Commissioner Graham Doyle said in a statement.
Meta remedied the breach shortly after its discovery, the DPC said. Of the 29 million Facebook accounts impacted globally, about 3 million were based in the EU and European Economic Area.
The DPC is the lead EU regulator for most of the top U.S. internet firms due to the location of their EU operations in Ireland.
It has so far fined Meta almost 3 billion euros for breaches under the bloc’s General Data Protection Regulation (GDPR) introduced in 2018, including a record 1.2 billion euro fine in 2023 that Meta is appealing.
Meta said it will also appeal Tuesday’s decision and that it has a wide range of measures in place to protect users across its platforms.
“We took immediate action to fix the problem as soon as it was identified, and we proactively informed people impacted as well as the Irish Data Protection Commission,” a spokesperson for Meta said in a statement.
($1 = 0.9527 euros)
(Reporting by Padraic Halpin; Editing by Sachin Ravikumar and Jan Harvey)
A data breach occurs when unauthorized individuals gain access to sensitive information, often leading to the exposure of personal data.
GDPR is a comprehensive data protection law in the EU that governs how personal data is processed and stored, ensuring individuals' privacy rights.
A cybersecurity vulnerability is a weakness in a system that can be exploited by attackers to gain unauthorized access or cause harm.
Personal data refers to any information that relates to an identified or identifiable individual, including names, contact details, and demographic information.
A data protection regulator oversees compliance with data protection laws, ensuring organizations handle personal data responsibly and protect individuals' rights.
Explore more articles in the Finance category
