Ireland slaps Facebook with $19M fine over 2018 data breaches

Ireland’s Data Protection Commission on Tuesday issued a roughly $18.6 million fine against Facebook owner Meta related to how it handled European Union user data in the wake of 12 different breaches in 2018.

The decision found that Meta failed to properly demonstrate its compliance with the General Data Protection Regulation, which dictates data protection and privacy in the EU.

The decision doesn’t list the 12 breaches cited in the complaint, but the series of security flubs that year is well documented. A widespread security breach in October 2018 allowed hackers to steal tokens granting access to the profiles of 30 million users. Another bug exposed nearly 7 million users’ photos to developers for roughly 12 days in September 2018.

“This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people’s information,” a Meta spokesperson told CyberScoop in an email. “We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”

The Irish regulator previously fined Meta’s WhatsApp messenger for approximately $267 million in September for failing to provide users with enough information about what data it shared with other Meta companies.