EU fines Meta Platforms $263 million for failing to prevent hacking of millions of users' data

The Irish Data Protection Commission (DPC), a body linked to the European Union (E.U.), fined Meta Platforms 251 million euros (around $263 million) for failing to prevent hacks of millions of Facebook accounts worldwide.

Through a statement, the DPC detailed that around 29 million profiles were affected by the actions of cybercriminals, which resulted in the breach and theft of personal data, such as email addresses, phone numbers, places of work or dates of birth.

Graham Doyle, deputy commissioner of the DPC, reported that the penalty imposed on the tech giant led by Mark Zuckerberg is based on deficiencies in Meta Platforms' security and data protection policy.

"This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals. Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances. By allowing unauthori[z]ed exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data," Doyle said.

Via a post picked up by Reuters, a Meta Platforms spokesperson assured that as soon as they identified the flaws, "we proactively informed affected individuals, as well as the Irish Data Protection Commission."

This is not the first time the DPC has decided to sanction Meta Platforms. In 2023, the body imposed the largest fine in E.U. history (about $1.3 billion) on the company for illegally sending European users' private information to the United States.

A year earlier, in 2022, the DPC penalized Meta Platforms $276 million after a massive personal data breach of some 533 million users.