September 30, 2024 at 02:54AM
The Irish Data Protection Commission fined Meta €91 million for a security lapse, violating GDPR. Meta stored users’ passwords in plaintext, leading to exposure and potential abuse. The incident affected Facebook and Instagram passwords, prompting prompt DPC notification and technical measures. Meta took immediate action and proactively informed the DPC.
Key Takeaways from the Meeting Notes:
1. The Irish Data Protection Commission (DPC) fined Meta €91 million ($101.56 million) for violating four different articles under the European Union’s General Data Protection Regulation (GDPR) due to a security lapse in March 2019.
2. Meta disclosed that it had mistakenly stored users’ passwords in plaintext in its systems, leading to the exposure of a subset of users’ Facebook passwords and millions of Instagram passwords.
3. The DPC faulted Meta for failing to promptly notify the DPC of the data breach, document personal data breaches, and utilize proper technical measures to ensure the confidentiality of users’ passwords.
4. Meta stated that it took immediate action to fix the error and proactively flagged the issue to the DPC.
Please let me know if you need further clarification or additional details.