Meta, the parent company of Facebook, has been fined €251 million ($263.5 million) by Ireland’s Data Protection Commission (DPC) for a significant security breach that exposed the personal data of millions of users. The fine, announced on Tuesday, is related to a 2018 breach that affected 29 million Facebook accounts globally.
According to Reuters, the breach was caused by a vulnerability in Facebook’s code, specifically targeting the “View As” feature. This feature allows users to see how their profile appears to others. The cyberattack, which exploited this flaw, resulted in unauthorized access to a wide range of personal information, including names, contact details, locations, dates of birth, gender, religious beliefs, workplace information, and even data about users’ children.
In a statement, DPC Deputy Commissioner Graham Doyle described the breach as a serious security risk, stating, “By allowing unauthorized exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”
While Meta quickly addressed the vulnerability and resolved the breach after it was discovered, the impact of the attack was far-reaching. Out of the 29 million affected accounts, approximately 3 million were located within the European Union and European Economic Area.
Related: Court Reinstates Phhhoto’s Antitrust Case Against Meta, Accusing Algorithm Manipulation
The DPC, which serves as the lead regulator for many of the top U.S. tech companies operating in Europe, has levied substantial fines on Meta under the EU’s General Data Protection Regulation (GDPR) since its implementation in 2018. This latest fine brings the total penalties against Meta to nearly €3 billion. Notably, the company is currently appealing a record €1.2 billion fine imposed in 2023.
Meta has expressed its intention to appeal the latest penalty, asserting that it has implemented a range of measures to enhance user privacy and security across its platforms. The social media giant continues to face scrutiny as the DPC and other regulators closely monitor compliance with GDPR standards.
Source: Reuters
Featured News
Norton Rose Adds Antitrust Partners in Italy
Jan 20, 2025 by
CPI
Antitrust Lawsuit Over Google’s Search Monopoly Proceeds in CA Court
Jan 20, 2025 by
CPI
Digital Markets Act at Two Years: Enforcement in a Shifting Political Climate
Jan 20, 2025 by
CPI
EU Expands Tech Oversight with Updated Anti-Hate Speech Code
Jan 20, 2025 by
CPI
Cargill Settles Turkey Price-Fixing Lawsuit for $32.5 Million
Jan 20, 2025 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Pharmacy Benefit Managers
Jan 20, 2025 by
CPI
Untangling the PBM Mess
Jan 20, 2025 by
CPI
Using Data, Not Anecdotes, to Analyze Criticisms of Pharmacy Benefit Managers
Jan 20, 2025 by
CPI
Vertical Integration and PBMs: What, Me Worry?
Jan 20, 2025 by
CPI
The Economics of Benefit Management in Prescription-Drug Markets
Jan 20, 2025 by
CPI