Yazılar

Meta’s Irish Division Penalized $264 Million for Data Breach

/in /tarafından

Meta Fined $264 Million Over 2018 Data Breach Impacting 29 Million Users

Meta Platforms’ Irish division has been fined €251 million ($264 million or approximately Rs. 2,242 crore) by Ireland’s Data Protection Commission (DPC) following two investigations into a 2018 data breach. The breach reportedly exposed the personal data of 29 million Facebook users globally, including full names, email addresses, phone numbers, timeline posts, and group memberships.

Breach Details and Global Impact

The breach was first reported by Meta Platforms Ireland Limited in September 2018. According to the DPC’s findings, the data of around three million users in the European Union and European Economic Area was compromised. The breach occurred due to unauthorized third-party exploitation of user tokens on Facebook. Meta and its US parent company addressed the issue shortly after it was discovered.

GDPR Violations and Findings

The DPC concluded that Meta violated General Data Protection Regulation (GDPR) rules by failing to adequately document details of the breach and the corrective measures taken. Additionally, Meta was found to have breached GDPR’s requirement to ensure that only data necessary for specific purposes is processed by default.

Meta’s Response and Prior Fines

In a statement, a Meta spokesperson highlighted that the company had taken immediate action to address the breach, notified affected users, and implemented measures to prevent future incidents. Earlier this year, the Irish watchdog fined Meta €91 million ($95.6 million or approximately Rs. 812 crore) over an investigation related to password storage practices.

AT&T and Verizon Acknowledge Salt Typhoon Cyberespionage, Networks Secured

/in /tarafından

AT&T and Verizon confirmed on Saturday that their systems were targeted by Salt Typhoon, a Chinese-linked cyberespionage operation, but assured the public that their U.S. networks are now secure. Both companies are collaborating with law enforcement and government agencies to assess and mitigate any remaining risks.

An AT&T spokesperson stated, “We detect no activity by nation-state actors in our networks at this time.” They added that the People’s Republic of China targeted a small group of individuals with foreign intelligence value. While only limited information was compromised, AT&T continues to monitor and remediate its networks to safeguard customer data.

Verizon, in its statement, reported similar containment efforts. Chief Legal Officer Craig Silliman said, “We have not detected threat actor activity in Verizon’s network for some time, and after considerable work addressing this incident, we can report that Verizon has contained the activities associated with this particular incident.” The containment has been independently verified by a respected cybersecurity firm.

The U.S. Department of Defense and Federal Communications Commission have not commented on the incident. However, on Friday, officials added a ninth unnamed telecom company to the list of victims. Hackers affiliated with Salt Typhoon allegedly gained extensive access to telecom networks, enabling them to geolocate millions of individuals and intercept phone calls at will.

Chinese officials have dismissed such allegations as disinformation, maintaining that Beijing opposes cyberattacks in all forms. Previous reports linked the Salt Typhoon operation to theft of telephone audio intercepts and call record data from companies like AT&T, Verizon, and Lumen.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) responded to the breach on Dec. 18 by recommending that senior government and political figures transition to end-to-end encrypted communication apps. High-profile targets of Salt Typhoon reportedly included individuals associated with Vice President Kamala Harris and former President Donald Trump’s campaigns.

Lawmakers expressed bipartisan concern over the severity of the breach. Senator Ben Ray Luján (D-NM) described it as “the largest telecommunications hack in our nation’s history,” while Senator Ted Cruz (R-TX) emphasized the urgent need to address vulnerabilities in the nation’s communications networks.

The Salt Typhoon hack has raised alarm over the scale and impact of Chinese cyberattacks on U.S. telecommunications. Both companies and government agencies face mounting pressure to assure the public about the security of the nation’s critical communication infrastructure.

EU Privacy Regulator Fines Meta 251 Million Euros for 2018 Data Breach

/in /tarafından

Meta has been fined 251 million euros ($263.5 million) by the Data Protection Commission (DPC), the lead European Union data privacy regulator, for a 2018 security breach that exposed the personal data of 29 million users on Facebook.

Details of the Breach

The breach occurred after cyber attackers exploited a vulnerability in Facebook’s “View As” feature, which allowed users to see how their profile appeared to others. This vulnerability led to the exposure of sensitive personal data, including users’ full names, contact details, location, place of work, date of birth, religion, gender, and in some cases, children’s personal information.

According to Graham Doyle, Deputy Commissioner at the DPC, the breach posed a significant risk for the misuse of this data. Although the breach affected 29 million accounts globally, 3 million of those were in the EU and the European Economic Area (EEA).

Meta’s Response and Penalty

Meta addressed the issue shortly after the breach was discovered and took action to remedy the vulnerability. Despite this, the DPC imposed a fine under the EU’s General Data Protection Regulation (GDPR), which has led to significant penalties for Meta in recent years. To date, Meta has been fined almost 3 billion euros for breaches under GDPR, including a record 1.2 billion euros fine in 2023 related to data privacy violations, which Meta is currently appealing.

Meta’s Appeal

Meta has announced its intention to appeal the fine and reiterated its commitment to protecting users’ privacy. A company spokesperson stated, “We took immediate action to fix the problem as soon as it was identified, and we proactively informed people impacted as well as the Irish Data Protection Commission.”

Broader Context

The DPC oversees the majority of large U.S. internet companies operating in the EU, as these firms have their European operations based in Ireland. This fine marks another chapter in the EU’s ongoing efforts to enforce data protection regulations under the GDPR, which was introduced in 2018 to strengthen privacy rights across the region.