Ireland fines Meta $101m for EU data breach

Meta fined $101m for password security breach, while Ireland investigates Google AI amid crackdown on tech giants.


News Desk September 28, 2024
EU flag and Meta logo are seen in this illustration, May 22, 2023. PHOTO: REUTERS

An Irish regulator tasked with enforcing EU data privacy laws announced on Friday that it had fined Meta, Facebook's parent company, $101m  million ($102 million) for breaches related to password security.

The Data Protection Commission (DPC) criticised Meta for inadequate security measures to safeguard users' password data and for delaying notification of the issue to the regulator.

The investigation began in April 2019, following Meta Ireland's report to the DPC that it had "accidentally stored certain social media users' passwords" in an accessible format on its internal systems, the DPC said in a statement.

"It’s a well-established principle that user passwords should never be stored in plaintext, given the potential risks of misuse if unauthorized persons gain access to the data," said Graham Doyle, the DPC's head of communications.

Doyle revealed to AFP that the breach, which occurred in January 2019, impacted 36 million Facebook and Instagram users across the European Economic Area, including EU nations, Iceland, Liechtenstein, and Norway.

The regulator also criticized Meta for not informing the DPC about the issue until March 2019.

In a statement to AFP, Meta acknowledged that some Facebook users' passwords were "temporarily stored in a readable format" within their internal systems.

The company added, "We acted immediately to correct this error, and there is no evidence that these passwords were misused or improperly accessed. We voluntarily notified our lead regulator, the Irish Data Protection Commission, and have cooperated fully throughout the investigation."

Several global tech giants, including Google, Apple, and Meta, have established their European headquarters in Dublin.

As a result, Ireland's data protection authority serves as the primary regulator tasked with holding these companies accountable.

The fine issued on Friday, though minor in comparison to Meta's multi-billion-dollar revenue, is part of a broader pattern of penalties imposed on the US social media company and its competitors, as international regulators work to curb big tech's influence, including issues related to taxation, competition, and disinformation.

This month, Ireland initiated an investigation into Google's development of artificial intelligence.

Meanwhile, the European Commission secured two major legal victories in separate cases, resulting in Apple and Google being ordered to pay billions of euros.

At the same time, an EU court overturned a €1.49-billion fine imposed by Brussels on Google for abuse of dominance in online advertising.

Tech firms are also engaging in legal battles against one another over alleged violations. On Wednesday, Google announced it had lodged a complaint with the European Commission, accusing Microsoft of "anticompetitive" licensing practices aimed at pushing customers to use its cloud services.

COMMENTS

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ