Published: 11:33, December 18, 2024
Ireland fines Meta 251m euros over Facebook data breach
By Xinhua
This picture taken on March 25, 2024, shows the Meta logo on a smartphone in Mulhouse, eastern France. (PHOTO / AFP)

LONDON - The Irish Data Protection Commission (DPC) announced on Tuesday that it has fined the tech-giant Meta 251 million euros ($263.7 million) for a personal data breach affecting 29 million Facebook accounts globally.

According to a press release from the DPC, the breach, caused by a vulnerability in a video upload function in Facebook's "View As" feature, exposed sensitive personal data, such as the user's full name, email address, phone number, and location.

Between Sept 14 and Sept 28, 2018, unauthorized persons used scripts to exploit this vulnerability and gained the ability to log on as the account holder to approximately 29 million Facebook accounts globally, of which about 3 million were based in the European Union/European Economic Area (EU/EEA), said the DPC.

ALSO READ: Cambridge Analytica lawsuit: Facebook-parent Meta settles with Aussie privacy watchdog

The breach was remedied by Meta Ireland and its US parent company shortly after its discovery, said the DPC. Meta was penalized for insufficient breach notification and failure to ensure data protection by design.

"This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms," said DPC Deputy Commissioner Graham Doyle.

"Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances," said Doyle.