Facebook parent company Meta has been fined €91m by the Irish Data Protection Commission (DPC) over a failure to protect users’ passwords.
It follows a lengthy five year investigation into the storage of passwords by Meta.
The inquiry was launched in April 2019, after Meta, which is also the parent company to Instagram and WhatsApp, notified the DPC in March of that year that it had inadvertently stored certain passwords of social media users in “plaintext” on its internal systems, without cryptographic protection or encryption.
The investigation found four breaches of the General Data Protection Regulation (GDPR) relating to failures to notify and document personal data breaches, as well as failures to use appropriate technical or organisational measures to ensure the security of users’ passwords.
The DPC submitted a draft decision to its fellow European data watchdogs in June and no objections were raised by the other authorities.
The decision, which was made by the Commissioners for Data Protection, Dr Des Hogan and …