Nov. 28 (UPI) — Ireland’s data privacy regulator has fined Meta approximately $275 million for failing to protect personal data during a 2019 data breach.
The Irish Data Protection Commission announced the fine and other corrective measures on Monday for the breach that compromised the personal data of European Union Justice Commissioner Didier Reynders, Luxembourg Prime Minister Xavier Bettel and dozens of other EU officials.
The leaked data included 533 million records showing Facebook IDs, birthdates, phone numbers and emails, which were posted in a public forum. Of the users included in the listing, about 32 million were in the United States and about 11 million were in Britain.
In addition to the fine, the DPC has also ordered Meta to bring its “processing into compliance by taking a range of specified remedial actions within a particular timeframe,” the DPC said in a statement.
A Meta spokesperson said Monday it is cooperating with the commission’s investigation and is reviewing the decision “carefully.”
“Protecting the privacy and security of people’s data is fundamental to how our business works,” Meta said in a statement.
“We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. Unauthorized data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge,” the company said.
Ireland’s DPC has fined Meta four times in the past year for alleged violations of Europe’s data privacy law, known as the General Data Protection Regulation.
Meta’s latest fine comes after an investigation into reports that a “collated” set of Facebook personal data had been made available on the Internet. The inquiry examined Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer between May of 2018 and September of 2019.
“The material issues in this inquiry concerned questions of compliance with the GDPR obligation for data protection by design and default,” Ireland Data Protection Commissioner Helen Dixon’s office said in a statement.
Facebook can appeal the decision before the Irish courts.