DUBLIN, Dec 17 (Reuters) - The lead European Union data
privacy regulator for Meta fined the social media giant
251 million euros ($263.5 million) on Tuesday for a 2018
Facebook security breach that affected 29 million users.
Meta notified Ireland's Data Protection Commission at the
time that cyber attackers had exploited a vulnerability in
Facebook's code that impacted the "View As" feature that lets
users see what their own profile looks like to someone else.
That led to a breach in personal data including users' full
name, contact details, location, place of work, date of birth,
religion, gender and their children's personal data, the DPC
said.
"By allowing unauthorised exposure of profile information,
the vulnerabilities behind this breach caused a grave risk of
misuse of these types of data," DPC Deputy Commissioner Graham
Doyle said in a statement.
Meta remedied the breach shortly after its discovery, the
DPC said. Of the 29 million Facebook accounts impacted globally,
about 3 million were based in the EU and European Economic Area.
The DPC is the lead EU regulator for most of the top U.S.
internet firms due to the location of their EU operations in
Ireland.
It has so far fined Meta almost 3 billion euros for breaches
under the bloc's General Data Protection Regulation (GDPR)
introduced in 2018, including a record 1.2 billion euro fine in
2023 that Meta is appealing.
Meta said it will also appeal Tuesday's decision and that it
has a wide range of measures in place to protect users across
its platforms.
"We took immediate action to fix the problem as soon as it
was identified, and we proactively informed people impacted as
well as the Irish Data Protection Commission," a spokesperson
for Meta said in a statement.
($1 = 0.9527 euros)