After a four-year investigation into password security practices, Ireland has fined Facebook’s parent company Meta $102 million and issued a formal reprimand. The Data Protection Commission (DPC) of Ireland found that Meta failed to adequately protect users’ passwords, leading to the inadvertent storage of sensitive information in plaintext within the company’s internal systems.
The investigation, which began in April 2019, was initiated after Meta notified the DPC about the issue. It was discovered that passwords belonging to hundreds of millions of users on platforms like Facebook, Facebook Lite, and Instagram were stored without proper encryption or cryptographic protection.
Despite Meta’s assurance that the passwords were not visible to external parties and that there was no evidence of misuse, the DPC’s investigation revealed several violations of the General Data Protection Regulation (GDPR) by the company.
The DPC’s final decision, made by commissioners Des Hogan and Dale Sunderland, identified four key areas where Meta’s practices did not comply with GDPR provisions. These included failure to promptly notify the DPC of the data breach, lack of proper documentation, inadequate security measures for protecting passwords, and failure to maintain an appropriate level of security, as passwords were stored in plaintext.
Meta has not yet indicated whether it plans to appeal the decision. The company previously acknowledged the seriousness of the password security breach and claimed to have made improvements to its security practices in response.
This $102 million fine is just the latest in a series of penalties imposed on Meta by Irish regulators. In 2023, Meta received a record $1.34 billion fine for unlawfully transferring EU user data to the US, followed by fines totaling $414 million for GDPR breaches related to Facebook and Instagram.
The GDPR, enacted in 2018, aims to protect the data rights of EU citizens and imposes strict obligations on companies to safeguard personal information. While the regulation has strengthened individual rights, it has also posed challenges for smaller companies that struggle to meet its requirements.
Overall, the GDPR has been praised for its robust data protection framework and enforcement powers, which allow regulators to impose significant fines on non-compliant companies.