
Meta Fined €91m for GDPR Violations in User Password Breach – Ravenewsonline

Ireland’s Data Protection Commission (DPC) has announced a €91 million fine against Meta Platforms Ireland Limited (MPIL) following an inquiry into the company’s handling of user passwords.

This decision marks a significant development in the enforcement of the General Data Protection Regulation (GDPR), highlighting the importance of secure data handling practices by major tech companies.

The inquiry, which began in April 2019, was initiated after MPIL reported that it had inadvertently stored certain users’ social media passwords in plaintext on its internal systems.

Plaintext storage means the passwords were not encrypted or protected using cryptographic measures, leaving them vulnerable to unauthorized access.

Although the incident was contained within Meta’s internal systems and no external parties gained access to the passwords, the company’s failure to ensure proper security led to a series of GDPR violations.

Findings and Violations

The DPC’s investigation concluded that MPIL had breached several key provisions of the GDPR:

Failure to Notify the DPC of the Breach: MPIL violated Article 33(1) of the GDPR by failing to promptly inform the DPC of the personal data breach concerning the storage of user passwords in plaintext.

Failure to Document the Breach: MPIL violated Article 33(5) of the GDPR by failing to properly document the breach; such documentation is required to ensure transparency and accountability in data handling.

Inadequate Security Measures: MPIL violated Article 5(1)(f) and Article 32(1) of the GDPR by not implementing appropriate technical and organizational measures to secure user passwords, leaving them susceptible to unauthorized processing.

These violations underscore the company’s inadequate response to the risks posed by insecure password storage and its failure to meet the regulatory standards set by GDPR.

Decision and Penalties

On September 26, 2024, the DPC issued its final decision, which included both a reprimand and a €91 million fine.

The decision was reached after the draft was reviewed by the Concerned Supervisory Authorities across the EU/EEA, as required under Article 60 of the GDPR. No objections were raised, confirming the widespread support for the ruling.

Deputy Commissioner Graham Doyle emphasized the severity of the incident, noting that “user passwords should not be stored in plaintext, given the risk of abuse.”

He stressed that the sensitivity of these passwords, which allow access to personal social media accounts, made it crucial for companies to implement robust security measures.

Series of Fines

This is not the first time Meta has faced fines under the GDPR. In 2023, the company was hit with a massive $1.3 billion penalty for breaching EU data privacy regulations.

Additionally, in 2022, Meta was fined $276 million following a 2021 data breach that compromised the personal information of over 533 million users.
