Meta, Facebook’s parent company, has been hit with another hefty fine in Europe. This time, the Irish Data Protection Commission (DPC) fined Meta €91 million (around $101.5 million) for failing to secure Facebook passwords during a 2019 breach. The DPC's investigation revealed that Meta had stored hundreds of millions of user passwords in plaintext, making them vulnerable to access by unauthorized parties, in violation of the EU's strict GDPR regulations.
The DPC concluded that Meta failed to meet GDPR standards, particularly because it didn’t encrypt users' passwords, which put sensitive personal data at risk. Additionally, Meta did not report the breach within the required 72-hour window and failed to document the incident properly. Meta claimed that the issue was quickly addressed, but the DPC wasn’t convinced, noting that storing passwords in plaintext is a widely known security risk. The €91 million penalty is one of many that Meta has faced under GDPR, highlighting its ongoing challenges with privacy compliance in the EU.
Data that is not encrypted and is easily readable.
The General Data Protection Regulation, a strict European Union law governing data protection and privacy.
For those entering tech, this incident is a crucial reminder of the importance of strong data security practices, like encryption. Understanding regulations like GDPR is also vital, as privacy laws affect how tech companies handle personal data.
Small businesses should take this as a lesson in the cost of poor data security. Properly securing sensitive information and adhering to privacy laws like GDPR can prevent massive fines and protect customer trust. Even small lapses can lead to big penalties.
