Data leak from 500 million users: Facebook receives a €265 million fine


Meta has to pay for a Facebook data leak. In May 2021 it became known that a data set containing information from more than 530 million users was circulating in a hacker forum. The Irish data protection authority IPC therefore imposed a fine of 265 million euros.

Because Meta has its European headquarters in Dublin, the Irish Data Protection Authority (DPC) is responsible for controlling Facebook. As the authority announced today, the investigation into the incident has been completed. Meta has to pay 265 million euros due to GDPR violations. In addition, the group is obliged to implement a number of measures to prevent such data leaks in the future.

Data leak with sensitive data

The data set published in scene forums related to a good 533 million Facebook profiles from 107 countries. In Germany there were around six million users, including celebrities such as some members of the Bundestag. In addition to the name and the Facebook ID, the tapped data also included the private telephone numbers and private e-mail addresses as well as information on the place of residence and birth.

The data was collected using screen scraping and a security hole in Facebook's “Add Friends” function. So it was not a “classic” hack where attackers had access to internal systems. Still, the damage was severe.

Data protection activist welcomes punishment

Max Schrems, a well-known data protection activist, welcomes the decision. That would be the first of three penalties Meta could receive later this year or early next year. 265 million euros would therefore be a good start, according to the activist.

The DPC itself is regularly criticized. Delayed procedures and too timid dealings with the Irish-based tech companies are part of the allegations that have already been discussed in the EU Parliament.