Meta slammed with €265m fine for 500m user data breach

Meta, the parent company of Instagram, Facebook and the recently breached WhatsApp, has been slapped with a fine by the Irish data watchdog, totalling €265 million (roughly AU$406 million).

Daniel Croft
Thu, 01 Dec 2022

The social media giant was fined by the Irish Data Protection Commission (DPC), Facebook’s lead regulator for the EU’s General Data Protection Regulation (GDPR).

The fine is the result of a Facebook breach in 2018 and 2019 that saw the data of 530 million Facebook users posted online. Facebook initially said that the data was old and that it had fixed the issue.

“We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. Unauthorised data scraping is unacceptable and against our rules,” said Meta in a statement.


The DPC launched an inquiry last year on 14 April, after Facebook reported that it believed that the data breach occurred as a result of “malicious actors” scraping Facebook profiles. According to the inquiry, Facebook violated articles 25(1) and 25(2) of the GDPR.

“The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms Ireland Limited (‘MPIL’) during the period between 25 May 2018 and September 2019,” said the DPC.

“The material issues in this inquiry concerned questions of compliance with the GDPR obligation for Data Protection by Design and Default,” it said in reference to article 25(1).

“There was a comprehensive inquiry process, including cooperation with all of the other data protection supervisory authorities within the EU. Those supervisory authorities agreed with the decision of the DPC.”

The DPC has said that alongside the fine, it will ensure that Meta puts in place a number of practices that prevent this from happening in the future.

“The decision imposed a reprimand and an order requiring MPIL [Meta Platforms Ireland Limited] to bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe.”

Meta has been racking up quite the bill of late, with fines starting September last year adding up to almost €1 billion (roughly AU$1.53 billion). It was fined €405 million (roughly AU$620.5 million) in September for allowing teenagers to make Instagram accounts that displayed personal details such as phone numbers and email addresses.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
