Meta has been hit with €251M EU fine for 2018 Facebook data breach, highlighting the regulator’s firm stance on data privacy violations and the growing scrutiny on tech giants.
Meta, the parent company of Facebook, has been hit with a hefty €251 million ($263.5 million) fine by the European Union’s principal data privacy regulator following a major security breach in 2018 that compromised the personal data of 29 million users worldwide. DPC Deputy Commissioner Graham Doyle emphasized the gravity of the situation, noting that “the scale of this vulnerability posed a serious and tangible threat to the security of individuals’ private information.”
The breach stemmed from a critical vulnerability in Facebook’s “View As” feature, a tool designed to let users see their profiles from the perspective of others. Exploited by cyber attackers, this flaw led to the unauthorized exposure of highly sensitive information, including names, contact details, birth dates, locations, workplaces, religious affiliations, genders, and even data related to users’ children. Ireland’s Data Protection Commission (DPC), which oversees Meta’s compliance under the EU’s General Data Protection Regulation (GDPR), described the breach as a significant risk for misuse of personal data.
While Meta acted swiftly to resolve the breach, the damage had already been done. Of the 29 million affected accounts, around 3 million belonged to users within the European Union and the European Economic Area. The Irish regulator, responsible for overseeing most U.S. tech giants due to their European bases in Ireland, has been unwavering in its enforcement of GDPR regulations. With this latest penalty, Meta’s cumulative fines under GDPR now approach €3 billion—most notably including the record €1.2 billion fine issued in 2023, which the company is still appealing.
In response to the ruling, Meta reaffirmed its commitment to data protection, while signaling its intent to challenge the decision. “We acted immediately to address the issue once discovered, notified affected users, and proactively informed the Irish Data Protection Commission,” a company spokesperson stated, underscoring the measures Meta has since implemented to bolster security across its platforms.
As the EU intensifies its scrutiny of tech behemoths, this ruling sends an unambiguous message: breaches of trust in safeguarding user privacy will not go unchecked. For Meta, the stakes remain high as regulatory authorities maintain a sharp focus on holding corporations to account in an era where data protection is paramount.
Info Source : Nairametrics & Reuters
