Connect with us

    Hi, what are you looking for?

    Tech

    Meta Fined €91m for GDPR Violations in User Password Breach – Ravenewsonline

    Ireland’s Data Protection Commission (DPC) has announced a €91 million fine against Meta Platforms Ireland Limited (MPIL) following an inquiry into the company’s handling of user passwords.

    This decision marks a significant development in the enforcement of the General Data Protection Regulation (GDPR), highlighting the importance of secure data handling practices by major tech companies.

    The inquiry, which began in April 2019, was initiated after MPIL reported that it had inadvertently stored certain users’ social media passwords in plaintext on its internal systems.

    Plaintext storage means the passwords were not encrypted or protected using cryptographic measures, leaving them vulnerable to unauthorized access.

    Although the incident was contained within Meta’s internal systems and no external parties gained access to the passwords, the company’s failure to ensure proper security led to a series of GDPR violations.

    Findings and Violations

    The DPC’s investigation concluded that MPIL had breached several key provisions of the GDPR:

    Failure to Notify the DPC of the Breach: MPIL violated Article 33(1) of the GDPR by failing to promptly inform the DPC of the personal data breach concerning the storage of user passwords in plaintext.

    Failure to Document the Breach: According to Article 33(5) GDPR, MPIL failed to properly document the breach, which is required to ensure transparency and accountability in data handling.

    Inadequate Security Measures: MPIL violated Article 5(1)(f) and Article 32(1) of the GDPR by not implementing appropriate technical and organizational measures to secure user passwords, leaving them susceptible to unauthorized processing.

    These violations underscore the company’s inadequate response to the risks posed by insecure password storage and its failure to meet the regulatory standards set by GDPR.

    Decision and Penalties

    On September 26, 2024, the DPC issued its final decision, which included both a reprimand and a €91 million fine.

    The decision was reached after the draft was reviewed by Concerned Supervisory Authorities across the EU/EEA, as required under GDPR’s Article 60. No objections were raised, confirming the widespread support for the ruling.

    Deputy Commissioner Graham Doyle emphasized the severity of the incident, noting that “user passwords should not be stored in plaintext, given the risk of abuse.”

    He stressed that the sensitivity of these passwords, which allow access to personal social media accounts, made it crucial for companies to implement robust security measures.

    Series of Fines

    This is not the first time Meta is facing fines under GDPR. In 2023, the company was hit with a massive $1.3 billion penalty for breaching EU data privacy regulations.

    Additionally, in 2022, Meta was fined $276 million following a 2021 data breach that compromised the personal information of over 533 million users.

    Loading

    Spread the love
    Click to comment

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    ad

    You May Also Like

    Opinion

    Socio-Economic Rights and Accountability Project (SERAP) has called on the leadership of the National Assembly to investigate the alleged allocation of more than ₦1.3...

    News

    Zedvance Finance Limited has appointed Professor Pius ‘Deji’ Olanrewaju as Chairman of its Board of Directors, effective July 1, subject to the approval of...

    News

    Operatives of the National Drug Law Enforcement Agency (NDLEA) have arrested a 67-year-old Nigerian-British grandmother, Mrs. Mary Yetunde Barek, for allegedly attempting to smuggle...

    Entertainment

    U.S. President Donald Trump is reportedly considering granting presidential pardons to several high-profile convicts, including music mogul Sean “Diddy” Combs and Grammy-winning rapper Prakazrel...