DUBLIN: An Irish regulator tasked with overseeing data privacy in the European Union has fined Meta, the parent company of Facebook, €91 million (approximately $102 million) for breaches related to password security.
The Data Protection Commission (DPC) criticized Meta for failing to implement adequate security measures to protect users’ password data and for delaying notification of the issue to the regulator.
The investigation began in April 2019 after Meta Ireland reported that it had “inadvertently stored certain passwords of social media users” in a readable format on its internal systems. Graham Doyle, the DPC’s head of communications, emphasized that it is widely recognized that user passwords should not be stored in plaintext due to the potential for abuse if accessed.
READ ALSO: Harris Criticizes Trump’s Stance on Ukraine
The breach, which occurred in January 2019, affected 36 million Facebook and Instagram users across the European Economic Area, which includes the EU, Iceland, Liechtenstein, and Norway. The DPC also criticized Meta for not informing them of the issue until March 2019.
In response, Meta acknowledged that some Facebook users’ passwords were “temporarily stored in a readable format in our internal data systems.” A spokesperson stated, “We took immediate action to rectify this error, and there is no evidence that these passwords were abused or accessed improperly. We proactively reported this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively throughout the inquiry.”