Ireland Fines Meta $263m Over Multiple Facebook Hacking

Ireland’s Data Protection Commission (DPC) has fined Meta, Facebook’s parent company, 251 million euros ($263 million) for a data protection failure that led to hackers exploiting a security flaw. The fine stems from a breach in Meta’s video upload function, which allowed hackers to gain unauthorized access to approximately 29 million Facebook accounts worldwide in 2018.

The hackers used this flaw to illegally obtain personal data, including email addresses, phone numbers, locations, and places of work. The DPC emphasized that the failure to incorporate adequate data protection measures during the design and development process exposed individuals to serious risks and violations of their fundamental rights.

Graham Doyle, the DPC’s head of communications, stated that the breach’s vulnerabilities caused a significant risk of misuse of sensitive data. While Meta Ireland and its US parent company addressed the breach shortly after it was discovered, the issue was reported to the regulator in September 2018.

This fine is the latest in a series of penalties imposed on Meta as global regulators continue to scrutinize tech companies over data privacy violations. In September, Meta was fined 91 million euros by the DPC for failing to implement measures to protect user passwords and for delaying the notification of the breach.