Ireland fines Meta $275 million over 2019 data breach

The leaked data includes 533 million records Displays Facebook ID, birthday, phone number, and email posted on a public forum. Of the users included in the list, approximately 32 million are in the US and approximately 11 million are in the UK.

In addition to the fine, the DPC ordered Meta to “bring its processing into compliance by taking a specified series of remedial actions within a specified time frame,” the DPC said in a statement.

A Meta spokesman said on Monday it was cooperating with the committee’s investigation and was reviewing the decision “carefully”.

“Protecting the privacy and security of people’s data is fundamental to how we do business,” Meta said in a statement.

“We made changes to our systems at the relevant time, including removing the ability to use phone numbers to scrape our functionality in this way. Unauthorized data scraping is unacceptable and is against our policies, We will continue to work with our peers to address this industry challenge,” the company said.

The Irish DPC has fined Meta four times in the past year for alleged breaches of European data privacy law known as the General Data Protection Regulation.

Meta’s latest fine follows an investigation into reports that “curated” sets of Facebook personal data have been made available on the internet. The survey examined Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer between May 2018 and September 2019.

The office of Irish Data Protection Commissioner Helen Dixon said: “The substantive questions in this inquiry relate to compliance with GDPR design and default data protection obligations” said in a statement.

Facebook can appeal to Irish courts.