Meta Slapped With Hefty Fine For Because Of A Data Breach

Ireland’s Data Protection Commission (DPC) has fined Meta $265 million USD for a data breach that affected millions of Facebook users in 2021. This information from ‘scraped data’ included phone numbers, Facebook IDs, names, locations, DOBs and email addresses.

The DPC commenced this inquiry on 14 April 2021, on foot of media reports into the discovery of a collated dataset of Facebook personal data that had been made available on the internet. The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms Ireland Limited (‘MPIL’) during the period between 25 May 2018 and September 2019. The material issues in this inquiry concerned questions of compliance with the GDPR obligation for Data Protection by Design and Default.  The DPC examined the implementation of technical and organisational measures pursuant to Article 25 GDPR (which deals with this concept).

John Stevenson, Product Director, Cyren had this to say:

“Every single one of the 533m Facebooks users whose information was published on hacking forums faced potential follow-up phishing scams exploiting their exposed PII in the pursuit of more valuable credentials. 

So, whilst the initial data leak was back in 2021, it’s nonetheless encouraging to see fines being issued retrospectively. Hopefully, the consequences here will encourage other enterprises to comply to cyber regulations and follow best practices to avoid a mercenary penalty in future, particularly given cyber insurers increasingly setting a higher bar for due diligence to avoid extortionate payouts like this one.”

Besides other enterprises complying with cyber regulation. I hope that this encourages Facebook to play by the rules for fear of being punished heavily. $265 million USD is a non-trivial amount of money, and I hope it gets their attention.

Leave a Reply

%d bloggers like this: