An Irish regulator helping to protect personal data in the European Union has announced that it has fined Facebook owner Meta €251 million over a data protection failure that resulted in users' accounts being hacked.
The Data Protection Commission (DPC) criticised Meta for a security flaw in its video upload feature, which hackers were able to exploit to gain full access to other users' Facebook accounts, AFP reported.
In a period of over two weeks in 2018, unauthorised users were able to hack into around 29 million Facebook accounts globally, including 3 million based in the EU.
The personal data included email addresses, phone numbers, locations and workplaces.
"Failure to include data protection requirements throughout the design and development cycle can expose people to very serious risks and harms, including risk to people's fundamental rights and freedoms. By allowing unauthorised disclosure of account information, the vulnerabilities underlying this breach have caused a serious risk of misuse of these types of data," stated Graham Doyle, the regulator's head of communications.
Meta Ireland and its US parent company fixed the breach soon after it was discovered and reported the issue to the regulator in September 2018.
"We took immediate action to rectify the issue as soon as it was identified and have proactively informed the affected individuals as well as the Irish Data Protection Commission," a Meta spokesperson said. | BGNES
