Ireland’s data protection commission has fined Meta Platforms Inc.’s Irish branch €91 million ($102 million) following an investigation into password storing by the company, according to a statement by the regulator.
It follows an inquiry that began in April 2019 after the Facebook owner informed the DPC that it had inadvertently stored certain passwords of social media users in ‘plaintext’ on its internal systems without cryptographic protection or encryption.
It only adds to a record €1.2 billion ($1.3 billion) European Union privacy fine that the tech giant was handed last year by the same commission which accused it of shipping users’ data to the US. The fines are part of the EU’s broader big tech crackdown, of which the Irish watchdog plays a large part in as the lead privacy regulator for some of the biggest tech firms with an EU base in the country.
The decision from the DPC includes four findings of infringement of the GDPR relating to personal data breaches and not ensuring the appropriate security of users’ passwords.
Also Read: Meta introduces chatbots for Instagram, WhatsApp and Facebook
The company found the issue as part of a security review in 2019, a Meta spokesperson said in an email to Bloomberg.
“We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly. We pro actively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry,” the spokesperson said.
“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” Deputy Commissioner at the DPC, Graham Doyle, said in the statement.
The commission will publish the full decision and further related information in due course, the statement added Friday.