Meta fined €251m over Facebook data breach in Ireland

Published December 17th, 2024 - 08:49 GMT
In an aerial view, people gather in front of a sign posted at Meta headquarters on July 07, 2023 in Menlo Park, California. (Photo by JUSTIN SULLIVAN / GETTY IMAGES NORTH AMERICA / Getty Images via AFP)

ALBAWABA - Following a major data breach that affected numerous Facebook user accounts, the Irish Data Protection Commission (DPC) has imposed a €251 million (~ $263K) fine on Meta Platforms Ireland Limited (MPIL).

According to a press statement from the DPC, the data breach, which went on for over two weeks in 2018, affected nearly 29 million accounts worldwide, including 3 million in the EU/EEA area.

Vulnerabilities in Facebook's video upload tool, particularly in the “View As” option, were the root of the breach. The flaw exposed user tokens, which gave hackers complete control over Facebook accounts and were also used by unapproved third parties.

The impacted data reportedly included children's information, sensitive information including political and religious views, complete names, phone numbers, email addresses, locations, and places of employment.

Meta promptly resolved the problem after reporting it in September 2018. However, the DPC's investigation found several violations of the General Data Protection Regulation (GDPR), leading to censure and hefty penalties.

According to the DPC, Meta was fined €8 million under Article 33(3) GDPR and €3 million under Article 33(5) GDPR for failing to submit all relevant data in its breach notice and failing to sufficiently document the event or its repair actions.

Additionally, Meta was penalized for not incorporating appropriate data protection standards into the structure of its systems. This included a €110 million penalty for failing to ensure that only required personal data was processed by default (Article 25(2) GDPR) and a €130 million fine for failing to build sufficient data protection into its systems (Article 25(1) GDPR).

Graham Doyle, the regulator's head of communications, commented, “The failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals,” AFP reports.
