Ireland’s data protection commission (DPC) fined Meta Platforms’ Irish arm €251 million (US$264 million) following two inquiries into a personal data breach that it said impacted 29 million users worldwide.
The breach was reported by Meta Platforms Ireland Limited (MPIL) in September 2018. It impacted data including full names, email addresses, phone numbers, posts on timeliness and groups of which the user was a member, according to a statement by the watchdog Tuesday. Around three million of the users impacted were based in the European Union and European Economic Area, the statement added.
The breach arose from the exploitation by unauthorised third parties of user tokens on Facebook, the statement added. It was remedied by MPIL and its US parent company shortly after its discovery, it added.
The DPC found that the tech giant infringed General Data Protection Regulation rules by failing to document facts relating to breaches and the steps taken to remedy them. It also noted that it failed in its obligations to ensure that, by default, only personal data necessary for specific purposes are processed, the statement said.
“We took immediate action to fix the problem as soon as it was identified, and we proactively informed people impacted as well as the Irish Data Protection Commission. We have a wide range of industry-leading measures in place to protect people across our platforms,” a Meta company representative said in an emailed statement.
Ireland’s watchdog already chided the platform this year, slapping it with a €91 million fine in September over an investigation into password storing by the company.