Meta Slapped with €91 Million Fine by Ireland's Data Protection Commission for 2019 Security Breach
ICARO Media Group
Meta, formerly known as Facebook, has been hit with a hefty €91 million fine ($101.5 million) by Ireland's Data Protection Commission (DPC) following a lengthy investigation into a 2019 security breach. The DPC announced the penalty on Friday, marking yet another blow to Meta's already troubled record of privacy compliance in Europe.
The inquiry by the DPC began in April 2019 after Facebook, as Meta was then called, reported that hundreds of millions of user passwords had been stored in plaintext on its servers. According to the European Union's General Data Protection Regulation (GDPR), personal data must be secured appropriately, and the DPC found Meta's handling of the passwords to fall short of this requirement.
The investigation concluded that the exposure of passwords in plaintext posed significant risks by potentially allowing unauthorized third-party access to sensitive information within users’ social media accounts. In addition, the DPC noted that Meta failed to notify the regulator of the breach within the 72-hour window required by GDPR and did not properly document the incident.
Deputy Commissioner Graham Doyle emphasized the severity of the lapse, stating, "It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data. The passwords in this case are particularly sensitive, as they would enable access to users' social media accounts."
In response to the sanction, Meta spokesperson Matthew Pollard stressed that the company took "immediate action" to rectify the error in its password management processes. Pollard asserted that there was "no evidence that these passwords were abused or accessed improperly" and highlighted Meta's proactive engagement and cooperation with the DPC throughout the inquiry.
This latest penalty is significantly higher than a €17 million fine imposed by the DPC on Meta in March 2022 for a separate 2018 security breach. While the earlier incident affected up to 30 million Facebook users, the 2019 breach exposed the passwords of hundreds of millions of users, underscoring the magnitude of the latter infringement.
Under GDPR, data protection authorities are empowered to issue fines based on factors like the nature, gravity, and duration of infringements, as well as the number of data subjects affected. Although a €91 million fine is substantial, it remains a small fraction of the maximum penalty that could be levied against Meta, which is 4% of the company’s global annual turnover. Given that Meta's annual revenue for 2023 was an astronomical $134.90 billion, the fine represents only a minor financial impact relative to the company's vast earnings.