Ireland’s data privacy regulator has fined Meta nearly $275 million for failing to prevent hackers from stealing the personal information of more than 500 million Facebook users in 2019.
The announcement marks the conclusion of an investigation that began in April last year when it was revealed that Facebook users’ personal information was posted on a dark website. Hackers had exploited the company’s contact importer tool to match phone numbers against the profiles of Facebook users before harvesting additional information from their profiles.
It is the fourth time the regulator has charged Meta and its other subsidiaries for violating Europe’s General Data Protection Regulation (GDPR) regulation. So far, the regulator has fined the company nearly €912 million since the fall of 2021.
“Protecting the privacy and security of people’s data is fundamental to how our business works,” Meta said in a statement issued on Monday. “We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. Unauthorized data scraping is unacceptable and against our rules and we will continue working with our peers on this industry challenge.”
Earlier this fall, the company was slapped with a fine of €405 million for mishandling children’s data — the second largest GDPR fine to have ever been issued. And in March 2022 and September 2021, the company was fined €17 million and €225 million, respectively, CNN reported.