Meta has been fined $263.5 million in the European Union (EU) for a 2018 privacy breach that reportedly impacted 29 million Facebook users globally.
Three million of these users were based in the EU.
The fine was announced on Tuesday by the Irish Data Protection Commission (DPC), which Meta had notified about the breach itself.
According to the DPC, Facebook’s “View As” feature — which lets a user see how their profile appears to others — had been exploited by hackers in the incident. As a result, personal information, including name, gender, date of birth, religion, had been compromised.
“By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data,” DPC Deputy Commissioner Graham Doyle said in a statement.
The DPC said that Meta addressed the breach shortly after it was identified. Meta, on the other hand, is planning to appeal the fine; the company says it has various protective measures in place on its social media platforms.
“We took immediate action to fix the problem as soon as it was identified, and we proactively informed people impacted as well as the Irish Data Protection Commission,” a Meta spokesperson said.
Meta has accrued fines amounting to billions of dollars from the DPC for a range of failures and violations, including many related to data privacy and child protection.
