Meta fined more than 250 million euro by Irish data commission following breach
The data breach affected some 29 million Facebook accounts across the world.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Meta has been fined more than 250 million euro (£206 million) by the Irish Data Protection Commission over a data breach.
The breach affected approximately 29 million Facebook accounts globally, of which some three million were based in the EU/EEA.
It was reported by Meta in September 2018.
By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data
The personal data involved in the breach included account users’ full names, email addresses, phone numbers, locations, places of work, dates of birth, religions, genders, posts on timelines, groups of which a user was a member and children’s personal data.
It arose from the exploitation by unauthorised third parties of user tokens on the Facebook platform. The breach was remedied by Meta in Ireland and its US parent company shortly after its discovery.
The decisions in relation to the breach, which were made by the Commissioners for Data Protection, Dr Des Hogan and Dale Sunderland, included a number of reprimands and an order to pay administrative fines totalling 251 million euro.
DPC Deputy Commissioner Graham Doyle said a grave risk of misuse of data had been caused.
“This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals,” he said.
“Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances.
“By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”