Advertisement
Subscribe to our daily newsletter.
Subscribe

Ireland slaps Facebook with $19M fine over 2018 data breaches

The complaint refers to the company's handling of 12 data breaches that occurred in 2018.

By

Facebook's Meta logo. (Photo illustration by Chesnot/Getty Images)

Ireland’s Data Protection Commission on Tuesday issued a roughly $18.6 million fine against Facebook owner Meta related to how it handled European Union user data in the wake of 12 different breaches in 2018.

The decision found that Meta failed to properly demonstrate its compliance with the General Data Protection Regulation, which dictates data protection and privacy in the EU.

The decision doesn’t list the 12 breaches cited in the complaint, but the series of security flubs that year is well documented. A widespread security breach in October 2018 allowed hackers to steal tokens granting access to the profiles of 30 million users. Another bug exposed nearly 7 million users’ photos to developers for roughly 12 days in September 2018.

“This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people’s information,” a Meta spokesperson told CyberScoop in an email. “We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”

Advertisement

The Irish regulator previously fined Meta’s WhatsApp messenger for approximately $267 million in September for failing to provide users with enough information about what data it shared with other Meta companies.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

A worker climbs on a cellular communication tower on March 6, 2014 in Oakland, California. The U.S. Labor Department is asking mobile phone providers to increase safety training for crews who perform work on cell tower sites in the United States. According to the Occupational Safety and Health Administration (OSHA), more tower site workers died in 2013 than in the previous two years combined and four workers have died in the first weeks of 2014. (Photo by Justin Sullivan/Getty Images)

FCC takes $200 million bite out of wireless carriers for sharing location data

By Derek B. Johnson

Latest Podcasts

Special CyberTalks Edition with National Cyber Director Harry Coker

The evolution of Microsoft’s Digital Crimes Unit

Image of a microphone for a podcast series

Tackling AI-powered threats with zero trust and least privilege access

Securing the Skies: Aerospace Cybersecurity with David Brumley

Government

Technology

Threats

Policy