
Meta Fined $263 Million by EU Over 2017 Data Breach

Meta has been hit with another substantial fine in Europe, as the Irish Data Protection Commission (DPC) issued a €251 million ($263 million) penalty for a 2017 data breach that exposed sensitive user information. The breach stemmed from a vulnerability in Facebook’s video upload feature, which allowed hackers to access personal data from 29 million users globally, including 3 million within the EU and EEA.

The compromised data included full names, email addresses, phone numbers, locations, workplaces, birthdates, religious affiliations, gender, timeline posts, group memberships, and even children’s information. The DPC found that Meta failed to integrate essential data protection measures into the platform’s design, putting users at significant risk of harm. The DPC noted that Facebook profiles often include sensitive information, such as political beliefs and sexual orientation, which users may share under the assumption of privacy.

This fine is one in a series of penalties Meta has faced in the EU for privacy violations. Just last month, the company was fined €797.72 million ($841 million) over antitrust breaches related to Facebook Marketplace. Earlier this year, it was also hit with a record $1.3 billion fine for transferring EU user data to the U.S. without adequate protections.

While these fines are meant to be hard-hitting given the severity of the data breaches, Meta’s massive revenue, projected at $160 billion for 2024 overall, means the financial impact remains limited. Even so, the fines are bad optics for the company, even if some of them are based on breaches from over five years ago, and Meta may need to take extra steps to properly protect user data going forward.

Social Discovery Insights is part of the Industry Insights Group. Registered in the UK. Company No: 14395769