Meta is to pay another million-dollar fine for violating EU data protection laws. The accusation is that the Facebook parent company did not adequately protect users’ passwords.
The responsible Irish data protection authority (DPC) has imposed a further fine of 91 million euros on the US group Meta.
Meta is the parent company of the Facebook, Instagram and Whatsapp services. The DPC accuses the company of not adequately protecting the passwords of users of its services and of not responding correctly to a security incident.
Informed too late?
The DPC launched an investigation in April 2019 after being informed by Meta that a number of user passwords had been “inadvertently” stored unencrypted. The incident occurred in January 2019 and affected 36 million Facebook and Instagram users in the countries of the European Economic Area. In particular, the DPC accuses Meta of only informing them about this in March 2019.
Meta admits that some user passwords were “temporarily stored in a readable format in our internal data systems.” However, “immediate measures were taken to correct this error,” the company assured upon request. “There is no evidence that these passwords were misused or accessed inappropriately.”
Fines in the billions
The US group has already received a number of penalties for violations of the General Data Protection Regulation (GDPR), which has been in force since 2018, totaling a total of 2.5 billion euros. This includes a record fine of 1.2 billion euros in 2023, which Meta is appealing.
In the second quarter of the current financial year alone, Meta generated sales of $39.07 billion. Net profit rose 73 percent year-on-year to $13.5 billion.
