Meta Fined $101.5M by Irish DPC for Storing User Passwords in Plain Text

Key Takeaways

  • The Irish Data Protection Commission has imposed a $101.5 million fine on Meta.
  • The fine has been issued due to a security breach that involved social media users' passwords.
  • Meta has recently received multiple fines from regulatory authorities.

Following a 2019 investigation, Meta faces a multimillion-dollar fine from the Irish DPC for storing user passwords in plain text without proper encryption.

The Irish Data Protection Commission imposed a $101.5 million fine on Meta following an investigation into a 2019 security breach in which Meta stored users’ passwords in plain text without cryptographic protection or encryption.

The Data Protection Commission (DPC) determined that Meta violated several GDPR provisions in relation to the breach, including by failing to document the personal data breach concerning the storage of users’ passwords in plain text and failing to notify the DPC of it. Additionally, the regulatory body concluded that Meta did not implement the required technical measures to ensure the security of its users’ data against unauthorized access.

As a result of these GDPR violations, Data Protection Commissioners Dr. Des Hogan and Dale Sunderland issued their decision against Meta, which included a formal reprimand in addition to the $101.5 million fine.

Meta’s Recent Legal Issues

The inquiry began in April 2019, when Meta informed the DPC that during a routine security review in January, it discovered that its internal data system had inadvertently stored social media users’ passwords in plain text since 2012.

Initially, Meta believed that only Facebook users’ passwords were affected, but a month later, it was revealed that millions of Instagram users’ passwords were also stored similarly. Although the passwords were not exposed to external parties, they were easily accessible to Facebook employees.

Series of Fines for Meta

This is not the first time Meta has faced fines under GDPR. In 2023, the regulatory body imposed a hefty $1.3 billion fine for violations of EU data privacy rules.

In 2022, the company was fined $276 million after a 2021 data leak exposed the personal information of more than 533 million users. That same year, Instagram was hit with a $402 million fine for mishandling the personal data of teenagers.