Meta Hit with Massive 263m GDPR Fine Infosecurity Magazine

The breach exposed the personal data of over 5.4 million users to unauthorized access.

The Breach

The data breach occurred in 2018, when Meta, then known as Facebook, suffered a security incident that exposed the personal data of over 5.4 million users. The breach was not limited to a single platform, but affected multiple platforms, including Facebook, Instagram, and WhatsApp. The breach was caused by a vulnerability in the “View As” feature, which allowed users to see how their profile looked to others. The vulnerability was discovered by a security researcher, who reported it to Meta. Meta took steps to address the vulnerability, but the breach was not discovered until 2020.

The Consequences

The data breach had significant consequences for Meta and its users. The breach exposed the personal data of over 5.4 million users to unauthorized access, including:

Personal data such as names, email addresses, and phone numbers. Location data, including IP addresses and device information. Other sensitive information, including login credentials and financial data. The breach also led to a significant increase in phishing attacks and other types of cybercrime. Meta took steps to mitigate the breach, including implementing new security measures and providing support to affected users.

The company’s data processing systems were not designed to ensure the security and integrity of personal data, and the systems were not subject to regular security audits and testing.

You Might Also Enjoy: DeepSeek privacy under investigation in US and Europe App Store impact

The Meta Data Breach Incident

In 2021, Meta faced a significant data breach incident that exposed the personal data of millions of users. The incident involved the unauthorized disclosure of sensitive information, including phone numbers, email addresses, and other personal details. The breach was not reported to the relevant authorities until several months after the incident, which raised concerns about the company’s handling of the situation.

The Failure to Notify Users

Meta failed to notify users about the breach in a timely manner, which is a requirement under the GDPR. The company did not provide users with clear and concise information about the breach, including the types of data that were affected and the measures being taken to address the issue. This lack of transparency and communication has led to widespread criticism and mistrust among users.

The Failure to Follow Data Protection Principles

Meta’s data processing systems were not designed to ensure the security and integrity of personal data. The company’s systems were not subject to regular security audits and testing, which increased the risk of data breaches. Furthermore, Meta’s systems were not designed to implement data protection principles, such as data minimization and data protection by design.

The Consequences of the Breach

The consequences of the breach were severe, with millions of users affected. The breach led to a loss of trust in Meta and its products, with many users choosing to delete their accounts or switch to alternative platforms.

The Meta Fined $400m in Ireland for Children’s Privacy Breach

In a significant development, Meta has been fined €400 million ($400 million) by the Irish Data Protection Commission (DPC) for violating the General Data Protection Regulation (GDPR) in relation to the processing of children’s personal data.

This is the latest in a long line of big GDPR fines for the social media giant.