Meta, the parent company of Facebook, has been fined over €250m by the Irish Data Protection Commission (DPC).

The fine was issued for a data breach impacting approximately 29 million Facebook accounts globally, including three million in the EU/EEA.

The breach, reported by Meta in September 2018, involved the exposure of users’ personal data, including full names, email addresses, phone numbers, locations, workplaces, dates of birth, religions, and genders.

It was caused by the exploitation of user tokens on Facebook by unauthorized third parties.

Meta resolved the issue in Ireland shortly after its discovery.

The DPC’s decision, led by commissioners Dr. Des Hogan and Dale Sunderland, resulted in several reprimands and administrative fines totaling €251m.

DPC Deputy Commissioner Graham Doyle stated, "By allowing unauthorized exposure of profile information, the vulnerabilities behind this breach posed a significant risk of misuse of such data."