European Union privacy regulators fined Meta Platforms (META, Financial), €251 million ($276 million) as part of a 2018 data breach that exposed millions of user's accounts. The penalties were announced after the Data Protection Commission (DPC) in Ireland concluded its investigation into the attack, in which hackers exploited bugs to steal so-called digital 'access tokens' and gain unauthorized access to the accounts.
The Irish DPC, which is subject to the EU's General Data Protection Regulation (GDPR), is Meta's regional privacy cop, with its headquarters in Dublin. It has found multiple GDPR rule violations and has issued reprimands and administrative fines.
The breach, first disclosed by Facebook in 2018, was affecting 50 million accounts. But the DPC said that was actually just 29 million accounts, with 3 million in Europe.
In an appeal, Meta said it took immediate action to quash the issue when it discovered it. It informed regulators in Europe and the United States, including the FBI, and users affected by the incident.
The decision adds yet more regulatory woes to Meta, which must navigate more strict privacy rules in Europe.