Meta Fined $264 Million Over 2018 Data Breach Impacting 29 Million Users
Meta Platforms’ Irish division has been fined €251 million ($264 million or approximately Rs. 2,242 crore) by Ireland’s Data Protection Commission (DPC) following two investigations into a 2018 data breach. The breach reportedly exposed the personal data of 29 million Facebook users globally, including full names, email addresses, phone numbers, timeline posts, and group memberships.
Breach Details and Global Impact
The breach was first reported by Meta Platforms Ireland Limited in September 2018. According to the DPC’s findings, the data of around three million users in the European Union and European Economic Area was compromised. The breach occurred due to unauthorized third-party exploitation of user tokens on Facebook. Meta and its US parent company addressed the issue shortly after it was discovered.
GDPR Violations and Findings
The DPC concluded that Meta violated General Data Protection Regulation (GDPR) rules by failing to adequately document details of the breach and the corrective measures taken. Additionally, Meta was found to have breached GDPR’s requirement to ensure that only data necessary for specific purposes is processed by default.
Meta’s Response and Prior Fines
In a statement, a Meta spokesperson highlighted that the company had taken immediate action to address the breach, notified affected users, and implemented measures to prevent future incidents. Earlier this year, the Irish watchdog fined Meta €91 million ($95.6 million or approximately Rs. 812 crore) over an investigation related to password storage practices.
