
On November 28, the Irish Data Protection Commission (DPC) announced that it had fined Facebook owner Meta 265 million euros ($274.8 million) for a breach of the European Union’s General Data Protection Regulation (GDPR). Specifically, the DPC stated that the fine was imposed for failing to design Facebook in such a way that it would protect users from data breaches.
The announcement follows an investigation of more than a year that began in April 2021; the breach itself occurred in late 2019.
The data breach was originally discovered by TechCrunch, which reported that hundreds of millions of Facebook users’ phone numbers were listed in a publicly accessible online database. The database was later taken down by the web host, but its existence revealed that Facebook’s data had been breached.
And so in April 2021, the DPC began its investigation, prompting Meta to post a statement about the breach called “The Facts on News Reports About Facebook Data.” The company claimed that an attacker had used its contact importer tool to spam the server with phone numbers to see which ones had Facebook accounts associated with them.
Each time the attacker got a response, they were able to obtain the user’s personal details and match them with that user’s phone number. As a result, users’ personal data was leaked to malicious actors.
Meta claimed that it had patched this contact importer vulnerability once the breach was discovered and that the tool was now safe.
The DPC, for its part, says that it found “infringement of Articles 25(1) and 25(2) GDPR” due to this incident and “has imposed administrative fines totaling €265 million.”
The Commission said this was a comprehensive inquiry process that included cooperation with all of the other data protection supervisory authorities within the EU, and that those supervisory authorities agreed with the DPC’s decision.
The use of personal data in social media apps has become controversial in recent years, with data breaches becoming commonplace. As a user, you can do little when a breach takes place; however, you can go easy on what you share on social media and leave as few details as possible. That way, when a breach occurs, you will be a little safer. And also, don’t forget to use a VPN. 😉