Meta has been hit with a hefty fine of €91 million (approximately $101.5 million) by Ireland’s Data Protection Commission (DPC) for a 2019 breach that exposed the passwords of hundreds of millions of Facebook users.
The DPC investigation, conducted under the European Union’s General Data Protection Regulation (GDPR), found that Meta had stored these passwords in plaintext on its servers without encryption, posing a serious security risk.
The DPC concluded that Meta not only failed to secure sensitive user data but also breached GDPR rules by not reporting the incident within the required 72-hour window and failing to document the breach properly. Meta responded by stating it took “immediate action” to rectify the issue, claiming there was no evidence of password misuse.
This penalty is one of the latest in a series of GDPR-related fines levied against Meta, further highlighting the company’s ongoing struggles with privacy compliance.
The fine, though substantial, is still a small portion of what Meta could face under GDPR, which allows fines of up to 4% of global annual revenue. Given Meta’s $134.90 billion revenue in 2023, the fine remains relatively minor.
