Meta Fined €91m by Irish Data Watchdog for Password Breach

Meta, the parent company of Facebook, has been fined €91m (£75m) by the Irish Data Protection Commission (DPC) after an investigation revealed that user passwords were stored without encryption on its internal systems. The inquiry, launched in 2019, concluded that Meta had breached the General Data Protection Regulation (GDPR) on four counts. The decision was finalized on September 26, 2024, and included a reprimand alongside the fine.

Graham Doyle, DPC deputy commissioner, emphasized the risks posed by storing sensitive data such as user passwords in plaintext, noting that such practices could expose users to significant harm by enabling unauthorized access to their social media accounts. The commissioners for data protection, Dr. Des Hogan and Dale Sunderland, spearheaded the ruling.

This isn’t Meta’s first clash with the DPC. In May 2023, the company was hit with a record-breaking €1.2bn (£1bn) fine for mishandling data transfers between Europe and the U.S. Additionally, in 2022, Meta faced a €265m (£220m) penalty after data from 533 million users was exposed on a hacking forum.

Pic Courtesy: google/ images are subject to copyright