The Irish Data Protection Commission (DPC) has fined Meta for €251 million for a massive breach of personal data that affected around 29 million Facebook users worldwide.
The breach was discovered back in September 2018. Unauthorized third parties gained access to the identity tokens of Facebook users, leading to the leakage of personal data such as full names, email addresses, phone numbers, places of employment, dates of birth and other sensitive information.
In its decision, the DPC emphasized the "serious risk of misuse" of the obtained data, which became a key argument for imposing a fine. At the same time, the regulator took into account the fact that Meta corrected the identified security flaws after the incident.
Meta is expected to appeal the decision, as it has done in the past. In total, the Irish regulator has already imposed €2.8 billion in fines on Meta, but only €17 million has actually been recovered as the rest of the fines are pending before the courts.
