Meta Fined €251 Million for 2018 Data Breach
The European Union's data privacy regulator has fined social media giant Meta Platforms €251 million ($263.5 million) for a 2018 cybersecurity breach that exposed the personal data of 29 million Facebook users. The breach involved unauthorized access to users' private information, including names, contact details, locations, workplaces, birthdates, religions, genders, and details about their children. The news was reported by Reuters.
The breach exploited a vulnerability in Facebook’s “View As” feature, allowing cyber attackers to leak sensitive user data. Deputy Commissioner of the Irish Data Protection Commission (DPC), Graham Doyle, stated in a press release, "The risks posed by such unauthorized disclosure of data were significant, creating the potential for misuse."
Following the breach, Meta acted quickly to address the issue and implemented measures to protect the affected users. Out of the 29 million accounts impacted globally, around 3 million were based in the EU and the European Economic Area.
The Irish Data Protection Commission (DPC), which oversees U.S. tech companies operating in Europe under GDPR, has imposed nearly €3 billion in fines on Meta since the law came into effect. This includes a record €1.2 billion fine in 2023.
Meta has announced plans to appeal the DPC’s latest decision.
