Meta has been fined roughly $275 million by Ireland’s data privacy regulator for failing to prevent hackers from siphoning off personal information from more than 500 million Facebook users in a 2019 data leak.
Monday’s announcement marked the fourth time in about a year that Facebook (FB)’s parent company has been penalized by the Irish Data Protection Commission, the chief privacy regulator overseeing Meta’s operations in Europe. The decision to impose the fine was made last Friday, the commission said.
Related: German Watchdog Continues Observations As Meta Changes VR Rules
Since the fall of 2021, Ireland’s DPC has slapped Meta with 912 million euros in fines, going after the social media titan and its other subsidiaries, Instagram and WhatsApp, for alleged violations of Europe’s signature data privacy law, known as the General Data Protection Regulation (GDPR).
Earlier this fall, Meta was hit with a 405 million euro fine over Instagram’s handling of children’s data, the second-largest GDPR fine in history. Other enforcement actions, in March 2022 and September 2021, led to fines of 17 million euros and 225 million euros, respectively.
In a statement Monday, a Meta spokesperson said it was reviewing the DPC’s decision “carefully” and that it had cooperated fully with the agency’s investigation.
The probe began last April after Business Insider reported that more than half a billion Facebook users’ details had been posted on an underground hacker website. At the time, Facebook said malicious actors had abused its contact importer tool to match known phone numbers against the profiles of Facebook users before harvesting additional information from their profiles.