Emmanuel Ochayi
Meta, the parent company of Facebook, has been fined €91 million ($101.5 million) by the European Union’s Irish Data Protection Commission (DPC), for storing user passwords in plaintext.
The DPC launched an investigation five years ago, after Meta reported the issue, marking a significant breach of user privacy rules under the General Data Protection Regulation (GDPR).
Join our WhatsApp ChannelREAD ALSO: Meta Removes 63,000 Social Accounts Linked To Nigerian Scammers
Meta’s Response to the Security Incident
Meta acknowledged the breach at the time, revealing that some users’ passwords were stored without encryption.
A spokesperson for the company said, “We identified this issue during a security review in 2019 and immediately took action to resolve it.”
The spokesperson added that there was no evidence to suggest that the passwords were misused or accessed by unauthorised individuals.
DPC’s View on Meta’s Security Lapse
The Irish DPC, which oversees GDPR compliance for many U.S. tech giants with EU headquarters in Ireland, expressed concern over Meta’s practices.
Deputy Commissioner Graham Doyle emphasized, “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data.”
History of Fines
This is not the first time they have been fined by the DPC. Since GDPR came into effect in 2018, Meta has faced a total of €2.5 billion in penalties for various privacy violations, including a record €1.2 billion fine in 2023.
Meta is currently appealing that decision. The company has consistently engaged with the DPC during investigations and insists on improving its data protection measures.
While they have taken steps to address the security lapse, the fine underscores the EU’s commitment to enforcing strict data protection rules.
The incident highlights the ongoing challenges major tech companies face in complying with GDPR and maintaining the security of user data.
