THE DATA PROTECTION Commission has announced that it has fined Facebook owner Meta €251m over a data protection failure that saw 29 million Facebook accounts hacked.

The Data Protection Commission (DPC) criticised Meta for a security flaw in its video upload function which hackers were able to exploit to gain full access to other users’ Facebook profiles.

Over a two week period in 2018, unauthorised users were able to hack into almost 30 million Facebook accounts globally, and had access to personal data including email addresses, phone numbers, locations and places of work.

Under the 27-nation EU’s strict privacy regime, Ireland’s DPC is Meta’s lead privacy regulator due to the company’s regional headquarters Dublin location.

“The failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals,” said Graham Doyle, the regulator’s head of communications.

“By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data,” he added.

Meta Ireland and its US parent company remedied the breach shortly after its discovery, the DPC said, and reported the issue to the regulator in September 2018.

It is the latest fine in a series issued to the US social media giant and its rivals, as global regulators crack down on tech companies.

Meta has said that it would appeal against the decision.

In September, the DPC fined Meta 91 million euros for failing to put measures in place to protect users’ password data and for taking too long to alert the regulator of the issue.