Facebook parent company Meta has been fined €265 million by the Irish Data Protection Commission (DPC) following a data breach which saw the personal details of hundreds of millions of Facebook users published online.

In April 2021, the DPC launched an investigation after data including names, phone numbers and email addresses of up to 533 million users appeared on an online hacking forum.

Facebook said at the time that the information, some of which had already appeared online a number of years ago, was “scraped”, but not hacked, by malicious actors through a vulnerability in its tools prior to September 2019.

“Scraping” uses automated software to lift public information from the internet that can then end up being distributed in online forums.

The social network said it patched the vulnerability in 2019, preventing any further data from being harvested.

As part of its investigation, the Data Protection Commission carried out an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta during the period between 25 May 2018 and September 2019.

The material issues in the inquiry concerned questions of compliance with the General Data Protection Regulation (GDPR) obligation for Data Protection by Design and Default.

Meta was found to be in breach of Article 25 of the GDPR rules.

“Because this data set was so large, because there had been previous instances of scraping on the platform where the issues could have been identified in a more timely way, we ultimately imposed a significant sanction,” said Helen Dixon, Data Protection Commissioner.

“The risks are …

Read The Full Article at RTE

Check Also

IAB Europe’s advertising bidding model uses personal data, EU court rules

After clarification from Luxembourg, the Belgian Court of Appeal will now rule on the case…