Meta, the parent company of Facebook, WhatsApp, and Instagram, has been fined on Monday by the Irish Data Protection Commission to the tune of €265 million (approximately £228 million). The fine comes as punishment for a breach on Meta’s network that resulted in the data of more than five hundred million people getting leaked and published without authorization.
In the said breach, the email addresses and phone numbers of about 533 million people surfaced in a hacking space on the internet. The Data Protection Commission swiftly began an investigation into the matter in April last year.
While the investigation and proceedings went on, Facebook revealed that some of the information of those users were already available online a couple of years before then. They were then scraped by bad actors who exploited a loop in its tool. But the data were not hacked out, Facebook said.
Scraping involves using automated software to get public information on the internet. That information could then find its way to various forums online.
Nevertheless, the Data Protection Commission determined that Meta breached Article 25 of the General Data Protection Regulation rules. In the ruling, Helen Dixon, the Data Protection Commissioner, stated that the data involved was very large, and there had also been cases of scraping on Facebook before then. She said the issues could have been quickly identified and addressed.
Pledge to collaborative protection
The Commission, therefore, imposed a heavy sanction on Meta. Because the risks individuals would bare are of considerable effect with regard to spamming, scamming, phishing, smishing, and outright loss of their personal data, the Commission imposed a €265 million fine in total, she said.
In addition to the fine, Meta was also given a reprimand, as well as an order asking it to make its processes compliant by carrying out a series of actions within a defined timeframe.
A spokesman from Meta said data security and protection is a core principle of the business. That is the reason for the company’s full corporation with the Irish Data Protection Commission. He said Facebook made changes to its system while the case went on and the changes include taking away the ability to scrape while using phone numbers.
Unauthorized data scraping is not acceptable and is against Facebook’s rules. The company will keep working with other stakeholders in the industry to tackle that challenge, he said.
Meta filed an appeal in September against a €405 million fine slammed on Instagram by the Data Protection Commission.