The breach occurred due to unauthorised third parties exploiting user tokens on the Facebook platform. Credit: Alex Photo Stock/Shutterstock.

The Irish Data Protection Commission (DPC) has imposed a €251m ($263.5m) fine on Meta Platforms Ireland (MPIL) following a data breach investigation.

The DPC announced its final decisions after conducting two inquiries into Meta.

Go deeper with GlobalData

Data Insights

The gold standard of business intelligence.

Find out more

Related Company Profiles

View all

These own-volition inquiries were initiated by the DPC following a personal data breach reported by Meta in September 2018.

This data breach affected approximately 29 million Facebook accounts globally, with around three million based in the EU/EEA, according to the DPC.

The personal data categories impacted included users’ full names, email addresses, phone numbers, locations, places of work, dates of birth, religions, genders, posts on timelines, group memberships, and children’s personal data.

The breach occurred due to unauthorised third parties exploiting user tokens on the Facebook platform.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

MPIL and its US parent company remedied the breach shortly after its discovery.

DPC deputy commissioner Graham Doyle said: “This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals.

“Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances. By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”

In November 2024, India’s competition watchdog Competition Commission of India (CCI) imposed a $25.4m (Rs2.13bn) fine on Meta for “abusing its dominant position”.

The watchdog also directed WhatsApp to halt sharing user data with other Meta-owned applications for non-service purposes for five years.