Meta, Facebook's parent company, has been fined $264 million by the Irish Data Protection Commission for a 2018 data breach that compromised the personal information of 29 million users globally. The breach exploited a vulnerability in Facebook's "View As" feature, allowing attackers to access sensitive user data, including names, email addresses, phone numbers, locations, dates of birth, and even children's information. Approximately 3 million of the affected users resided in the European Union, where the General Data Protection Regulation (GDPR) enforces stringent privacy rules and imposes significant penalties for violations. The DPC announced the fine on December 17, 2024, emphasizing the importance of integrating strong data protection measures during system design.
Meta has faced nearly $3 billion in total fines for privacy breaches, with this latest penalty underscoring the regulatory scrutiny it faces under GDPR. The company stated it acted promptly in 2018 to address the issue, notify affected users, and inform authorities. However, it plans to appeal the decision. DPC Deputy Commissioner Graham Doyle highlighted the serious risks posed by the breach, noting that Facebook profiles often contain highly sensitive information. The GDPR's framework has inspired privacy legislation worldwide, including California's privacy laws, reinforcing protections against such data violations.
