The Irish Data Protection Commission (DPC) has imposed a hefty fine of €91 million (approximately $102 million) on Meta for serious breaches in password security.
The DPC criticized the tech giant for failing to implement adequate security measures to protect user password data and for delaying notification of the breach.
The inquiry, which began in April 2019, was triggered by Meta Ireland’s disclosure that certain user passwords were stored in a readable format within its internal systems.
The breach, which occurred in January 2019, impacted around 36 million users of Facebook and Instagram in the European Economic Area.
Graham Doyle, the DPC’s communications head, emphasized the risks associated with storing user passwords in plaintext, a practice deemed highly unsafe.
Furthermore, it was noted that Meta did not report the issue to the regulator until March 2019, well after the breach occurred.
In response to the fine, Meta acknowledged the situation, asserting that it took immediate corrective actions.
The company also stated that there was no evidence of password abuse or unauthorized access and highlighted its proactive communication with the regulator throughout the inquiry.
