Ireland’s Data Protection Commission hit Meta with a €265 million in fines (about US$276 million), after more than 533 million users were investigated. Shortly after learning of the breach, the DPC launched an inquiry to determine whether Facebook was in compliance with Europe's General Data Protection Regulation (GDPR).
The leaked information, which was released online to a hacking community, includes the full names, contact information, addresses and dates of birth of users of the platform from 2018 to 2019. At the time, Meta claimed that the information was leaked in January 2021 and that the bad actor obtained it through a threat that the business closed in 2019.
The DPC has already fined Meta three times this year. Facebook was fined in March for falsifying records in connection with multiple data breaches in 2018 that exposed the personal information of nearly 30 million Facebook users. In September, the European authority imposed the fine after looking into how Instagram handled teen data.
The DPC fined Meta nearly $700 million in 2022. This does not include the amount WhatsApp paid last year for breaking European data privacy laws. An unnamed Meta representative said in a statement obtained:
Statement from Meta on the fine pic.twitter.com/SmCsfExWl0— Jess Kelly 👩🏻💻 (@jesskellynt) November 28, 2022
The Verge reached out to Meta for comment, but he did not immediately respond. The business outlined its efforts to combat data scraping, saying its External Data Misuse (EDM) team is tasked with identifying, preventing and blocking scraping.