Meta fined $101.5M for 2019 breach that exposed hundreds of millions of Facebook passwords
Meta was fined $101.5M by the Irish Data Protection Commission for a 2019 breach that exposed millions of Facebook passwords in plaintext.
Meta, previously known as Facebook, faced a significant penalty from Ireland's Data Protection Commission (DPC) concerning a 2019 security breach. The DPC's multi-year investigation concluded that Meta had stored 'hundreds of millions' of Facebook user passwords in plaintext, which did not comply with GDPR's data security requirements.
The breach posed a risk of unauthorized access to sensitive information, and Meta was also found to have failed in notifying the breach within the required 72-hour window and in documenting the breach properly. Deputy commissioner Graham Doyle emphasized the sensitivity of the compromised data and the unacceptable storage practices that exposed users’ passwords.
Responding to the penalty, Meta spokesperson Matthew Pollard stated that the company had taken 'immediate action' to rectify the issue and maintained that there was no evidence of improper access to the exposed passwords. Despite Meta's claims, the recent fine highlights ongoing privacy compliance issues, alongside the €17M fine for a 2018 breach, showing a pattern of security lapses at the company.