A PYMNTS Company

Meta Fined by EU for Data Protection Breach

September 29, 2024

The European Union’s leading privacy watchdog has imposed a €91 million ($101.5 million) fine on Meta (META.O) for inadvertently storing some users’ passwords in an unencrypted format. According to a Reuters report, the fine was levied by Ireland’s Data Protection Commission (DPC), marking the latest in a series of penalties against the social media giant under the EU’s stringent privacy laws.


The investigation was launched five years ago after Meta disclosed to the DPC that it had mistakenly stored user passwords in “plaintext,” a highly vulnerable format that leaves data exposed to potential misuse. While Meta publicly admitted to the error at the time, the DPC confirmed that the exposed passwords were not accessible to any external parties.

“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” Deputy Commissioner Graham Doyle of the Irish DPC said in a statement, per a Reuters report.

Meta responded by stressing that the company took swift action to rectify the issue when it was identified during a 2019 security review. A spokesperson for the company said that no evidence suggests the passwords were improperly accessed or misused, adding that Meta has cooperated fully with the DPC throughout the investigation.


The Irish DPC oversees most of the top U.S. tech firms in Europe, given that many have based their EU operations in Ireland. This latest fine brings the total amount Meta has been penalized by the DPC to €2.5 billion for breaches under the EU’s General Data Protection Regulation (GDPR). The regulation, introduced in 2018, has led to significant fines for privacy violations.

Among Meta’s penalties, a record €1.2 billion fine imposed in May 2023 remains under appeal. This most recent fine further underscores the EU’s ongoing efforts to hold tech giants accountable for data protection practices.

Source: Reuters