Meta Fined $263.5M for Security Breach in Facebook's 'View As' Feature

From CNET: Back in 2018, 29 million Facebook users around the world were affected by a security breach that exposed their personal data. Six years later, the Irish Data Protection Commission, which regulates Facebook's parent company Meta in Europe, has finally issued the company with a fine for the breach.

The DPC announced on Tuesday it was fining Meta 251 million euros ($263.5M) for failing to prevent cyber attackers from exploiting a vulnerability in its code, which allowed them to use its "View As" feature to see people's private profile information. This included full names, email addresses, phone numbers, locations, places of work, dates of birth, religions, genders, posts on timelines, groups of which people were members and children's personal data.

"This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals," said DPC Deputy Commissioner Graham Doyle in a statement. "Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances."

Around 3 million people affected by the breach live in the EU, where strict data protection regulations, known as the GDPR, provide citizens with protections if their privacy is violated. The GDPR has served as a model for many other pieces of privacy legislation around the world, including California's privacy rules. It requires companies to self-report privacy breaches and can result in fines of up to 20 million euros or 4 percent of global revenue, whichever is higher. Meta has been fined almost three billion dollars in total for various breaches.
