Ireland slaps Facebook with $19M fine over 2018 data breaches

The complaint refers to the company's handling of 12 data breaches that occurred in 2018.
Facebook's Meta logo. (Photo illustration by Chesnot/Getty Images)

Ireland’s Data Protection Commission on Tuesday issued a roughly $18.6 million fine against Facebook owner Meta related to how it handled European Union user data in the wake of 12 different breaches in 2018.

The decision found that Meta failed to properly demonstrate its compliance with the General Data Protection Regulation, which dictates data protection and privacy in the EU.

The decision doesn’t list the 12 breaches cited in the complaint, but the series of security flubs that year is well documented. A widespread security breach in October 2018 allowed hackers to steal tokens granting access to the profiles of 30 million users. Another bug exposed nearly 7 million users’ photos to developers for roughly 12 days in September 2018.

“This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people’s information,” a Meta spokesperson told CyberScoop in an email. “We take our obligations under the GDPR seriously, and will carefully consider this decision as our processes continue to evolve.”


The Irish regulator previously fined Meta’s WhatsApp messenger for approximately $267 million in September for failing to provide users with enough information about what data it shared with other Meta companies.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts