Meta Fined €251M for 2018 Facebook Data Breach Affecting 29M Users, Violating GDPR

Dec 17, 2024, 03:20 PM

Meta, the parent company of Facebook, has been fined €251 million ($263.5 million) by Ireland's Data Protection Commission (DPC) for a 2018 data breach that exposed the personal information of 29 million Facebook users globally, including 3 million in the European Union. The breach, which lasted 14 days between September 14 and September 28, 2018, exploited vulnerabilities in Facebook's 'View As' feature, allowing hackers to access sensitive user data such as names, contact details, locations, and more by misusing access tokens. The DPC cited Meta for failing to implement adequate data protection measures and for not meeting GDPR requirements, including insufficient breach notification and documentation. Deputy Commissioner Graham Doyle commented that the breach highlighted the risks of failing to integrate data protection into system design. Meta plans to appeal the fine, stating that it took immediate action to address the issue upon discovery. This penalty is part of a series of fines imposed on Meta by the EU, totaling nearly €3 billion under GDPR regulations.