Now on Demand: Zero Trust Strategies Summit - Access All Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Meta Hit With $102 Million Privacy Fine From European Union Over 2019 Password Security Lapse

Meta fined more than $100 million by a European Union privacy regulator over a security lapse involving Facebook passwords.

Meta fined

Meta was punished Friday with a fine worth more than $100 million from the social media giant’s European Union privacy regulator over a security lapse involving passwords for Facebook users.

The Irish Data Protection Commission said it slapped the U.S. tech company with the 91 million euro ($101.6 million) penalty following an investigation.

The watchdog started investigating in 2019 after it was notified by Meta that some passwords had been inadvertently stored internally in plain text, which means they weren’t encrypted and it was possible for employees to search for them.

Deputy Commissioner Graham Doyle said it’s “widely accepted” that user passwords should not be stored in plain text, “considering the risks of abuse.”

Meta said a security review found that a “subset” of Facebook users’ passwords were “temporarily logged in a readable format.”

“We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly,” the company said in a statement. “We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.”

It’s the latest in a series of hefty fines for Meta and its social media platforms from the Dublin-based watchdog, which is the company’s lead regulator under the 27-nation EU’s stringent data privacy rulebook. They include a 405 million euro fine for Instagram over mishandling teen data, a 5.5 million euro penalty involving WhatsApp and a 1.2 billion euro fine for Meta over transatlantic data transfers.

Related: Meta Fined Record $1.3 Billion and Ordered to Stop Sending European User Data to US

Advertisement. Scroll to continue reading.

Related: Uber to Appeal €290 Million GDPR Fine

Related: Clearview AI Fined $33.7 Million by Dutch Data Protection Watchdog Over ‘Illegal Database’ of Faces

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.