Overview
- Meta has been fined €251 million ($263 million) by the Irish Data Protection Commission for a 2018 Facebook data breach affecting 29 million users globally, including 3 million in the EU.
- The breach exploited a vulnerability in Facebook's 'View As' and 'Happy Birthday Composer' features, allowing attackers to access personal data such as names, emails, phone numbers, and religious affiliations.
- The penalty includes €11 million for inadequate breach notification and €240 million for failing to implement GDPR-compliant data protection measures by design.
- Meta claims it took immediate action to address the breach and has implemented enhanced data protection measures since the incident.
- This fine adds to Meta's history of GDPR violations, including a €91 million penalty in September 2024 for another data security lapse.