Ireland fines Meta €251m over Facebook data breach

The Irish Data Protection Commission (DPC) announced on Tuesday that it has fined the tech-giant Meta 251 million euros for a personal data breach affecting 29 million Facebook accounts globally, reported Xinhua.

According to a press release from the DPC, the breach, caused by a vulnerability in a video upload function in Facebook's "View As" feature, exposed sensitive personal data, such as the user's full name, email address, phone number, and location.

Between Sept. 14 and Sept. 28, 2018, unauthorized persons used scripts to exploit this vulnerability and gained the ability to log on as the account holder to approximately 29 million Facebook accounts globally, of which about 3 million were based in the European Union/European Economic Area (EU/EEA), said the DPC.

The breach was remedied by Meta Ireland and its U.S. parent company shortly after its discovery, said the DPC. Meta was penalized for insufficient breach notification and failure to ensure data protection by design.

"This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms," said DPC Deputy Commissioner Graham Doyle.

"Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances," said Doyle.