Meta, the parent company of Facebook, has been fined €251 million ($263.5 million) by Ireland’s Data Protection Commission (DPC) for a significant security breach that exposed the personal data of millions of users. The fine, announced on Tuesday, is related to a 2018 breach that affected 29 million Facebook accounts globally.
According to Reuters, the breach was caused by a vulnerability in Facebook’s code, specifically targeting the “View As” feature. This feature allows users to see how their profile appears to others. The cyberattack, which exploited this flaw, resulted in unauthorized access to a wide range of personal information, including names, contact details, locations, dates of birth, gender, religious beliefs, workplace information, and even data about users’ children.
In a statement, DPC Deputy Commissioner Graham Doyle described the breach as a serious security risk, stating, “By allowing unauthorized exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”
While Meta quickly addressed the vulnerability and resolved the breach after it was discovered, the impact of the attack was far-reaching. Out of the 29 million affected accounts, approximately 3 million were located within the European Union and European Economic Area.
Related: Court Reinstates Phhhoto’s Antitrust Case Against Meta, Accusing Algorithm Manipulation
The DPC, which serves as the lead regulator for many of the top U.S. tech companies operating in Europe, has levied substantial fines on Meta under the EU’s General Data Protection Regulation (GDPR) since its implementation in 2018. This latest fine brings the total penalties against Meta to nearly €3 billion. Notably, the company is currently appealing a record €1.2 billion fine imposed in 2023.
Meta has expressed its intention to appeal the latest penalty, asserting that it has implemented a range of measures to enhance user privacy and security across its platforms. The social media giant continues to face scrutiny as the DPC and other regulators closely monitor compliance with GDPR standards.
Source: Reuters
Featured News
Judge Rules 5-Hour Energy Maker Gave Costco Unequal Deals, But No Antitrust Violation Found
May 29, 2025 by
CPI
EU Threatens Apple With Ongoing Fines For Non-Compliance With DMA
May 29, 2025 by
CPI
EU Expands Antitrust Probe Into Visa and Mastercard Fees, Seeks Industry Input
May 29, 2025 by
CPI
House Bill Could Strip Cities of Authority to Regulate Rent Algorithms
May 29, 2025 by
CPI
UK Regulators Approve $3.1 Billion SES-Intelsat Merger, Paving Way for Satellite Industry Shake-Up
May 29, 2025 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Industrial Policy
May 21, 2025 by
CPI
Industrial Strategy and the Role of Competition – Taking a Business Lens
May 21, 2025 by
Marcus Bokkerink
Industrial Policy, Antitrust, and Economic Growth: Some Observations
May 21, 2025 by
David S. Evans
Bolder by Design: Crafting Pro-Competitive Industrial Policies For Complex Challenges
May 21, 2025 by
Antonio Capobianco & Beatriz Marques
Competition-Friendly Industrial Policy
May 21, 2025 by
Philippe Aghion, Mathias Dewatripont & Patrick Legros