Facebook owner Meta fined €91 million over breach

By Cillian Sherlock, PA

Facebook parent company Meta has been fined €91 million by the Irish Data Protection Commission.

It follows an investigation into Meta inadvertently storing certain s in plaintext on its internal systems, meaning they were not protected by encryption.

The issue applied to millions of Facebook and Instagram s.

Meta Ireland notified the DPC of the breach in March 2019. The s were not made available to external parties.

📢Latest News: Irish Data Protection Commission fines Meta Ireland €91 millionhttps://t.co/yRAt4LdNZ2 pic.twitter.com/7CWFwHekH6

— Data Protection Commission Ireland (@DPCIreland) September 27, 2024

The DPC found a range of infringements of GDPR rules including failing to notify the commissioner of the data breach, failing to document the data breach, not using appropriate security measures to protect the s, and not implementing appropriate organisational measures around the confidentiality of the s.

Deputy Commissioner Graham Doyle said: “It is widely accepted that s should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data.

“It must be borne in mind that the s the subject of consideration in this case are particularly sensitive, as they would enable access to s’ social media s.”