CyberSecurity updates
2024-12-27 06:14:31 Pacfic

Meta Fined for Major Data Breach GDPR Violations - 7d
Read more: www.bleepingcomputer.com

Meta has been fined €251 million (approximately $263 million) by the Irish Data Protection Commission (DPC) for violations of the General Data Protection Regulation (GDPR). The fine is a result of a 2018 data breach that compromised the personal information of 29 million Facebook accounts globally, around 3 million of those being EU based users. The breach occurred due to a vulnerability in Facebook's "View As" feature which allowed hackers to gain access to user accounts. This vulnerability was present since July 2017 and was exploited in September 2018, with malicious actors using scripts to steal access tokens to users’ accounts. The hackers were able to obtain sensitive information such as names, dates of birth, and other personal data.

The DPC imposed the fine due to Meta's failure to adequately protect user data as required by GDPR and its failure to fully disclose the breach details. The fine includes penalties for not implementing sufficient data protection principles in its systems and for storing more user data than necessary. Additionally, the regulator determined that Meta failed to document the breach and its remediation efforts, and that the notifications sent to the regulatory body were insufficient. This penalty highlights the importance of adhering to data protection laws and ensuring user data is secure.