Ireland's Data Protection Commission has fined Meta Platforms Corporation €265 million (about $276 million) for leaking data of more than 533 million Facebook users from more than 100 countries.
The leak occurred in April 2021: Insider discovered information posted on an online hacker forum that included the full names, phone numbers, locations and birth dates of users on the platform from 2018 to 2019.
Meta said the attacker got all that data through a vulnerability that was fixed back in 2019, and that it was the same information as in a previous leak that Motherboard reported in January 2021.
When the leak came to light, the Irish Data Protection Commission launched an investigation to see if Facebook was complying with European General Data Protection Regulation laws. The investigation found that the company did not follow strict security rules under the laws.
As a result, the Commission not only fined the company, but also ordered Meta Ireland to check and make sure that the company's operations in the region were compliant with the law.
According to The Verge, this is the third fine the DPC has imposed on Meta this year. In March, the DPC fined Meta $18.6 million for improper record keeping in connection with a series of data breaches that occurred in 2018 and exposed the personal data of about 30 million Facebook users. And in September, the European regulator fined Meta $402 million after investigating how Instagram handled teenagers' data.
In 2022, the DPC fined Meta nearly $700 million – and that figure doesn't include the $267 million fine imposed last year on WhatsApp for violating European data privacy laws.
A major data breach also occurred on Twitter recently: attackers stole personal data (including private phone numbers and email addresses) from more than 5.4 million accounts and posted it on a hacker forum in the public domain.