Meta hit with $263m fine over 2018 Facebook data breach

Image Credit: Pixabay (Image credit: Pixabay)

Meta has been hit with a €251 million GDPR fine
Punshment follows Facebook data breach incident in 2018
Ireland's Data Protection Commission is yet to collect many of the fines

Meta has received yet another GDPR fine, with the parent company of Facebook, Instagram and WhatsApp facing a €251 million (around $263 million) hit following a 2018 data breach which exposed around 29 million Facebook accounts globally, 3 million of which were EU-based users.

Ireland’s Data Protection Commission (DPC) has been one of Europe’s leading regulatory bodies when it comes to holding tech firms to account, handing out huge penalties for GDPR violations, including the largest ever GDPR fine, a $1.3 billion charge, also against Meta, for data handling.

The most recent violations refer to the attack in which malicious actors used the ‘view as’ feature, which ordinarily allows users to see what their account looks like to their friends and family, to steal access tokens in order to take over the users account.

Millions of users affected

Of the users whose tokens were stolen, 15 million had their phone numbers and email addresses exposed, and a further 14 million also had their usernames, gender, relationship status, and location check-ins accessed. One million lucky users targeted had no data stolen.

Following the breach, the DPC found Facebook infringed GDPR by not including enough information in its breach notification, failing to properly document the facts of the incident. The DPC also found the company failed to ensure the data protection principles were protected, and that Facebook had failed in its ‘obligation as controllers’ to ensure that only necessary personal data is processed.

“This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals,” said DPC Commissioner Graham Doyle.

This may seem like a hefty fine, and it is, but the reality of these GDPR fines is not quite what it seems. So far, only 1% of these DPC fines have been collected, so there's a chance this fine could also get tied up in the appeals process indefinitely.

Check out our list of the best social media management tool
The Bluesky hype explained – how it compares to Twitter and the best ways to switch
Take a look at our best VPN picks

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.