Meta was hit with a $102 million data protection fine by the European Union for data breaches in 2019

LONDON– Meta was fined more than $100 million by the social media giant’s European Union data protection regulator on Friday over a password security flaw for Facebook users.

The Irish Data Protection Commission said it had fined the U.S. tech company 91 million euros ($101.6 million) after an investigation.

The regulator began investigating in 2019 after Meta said some passwords had been accidentally stored internally in plain text, meaning they were not encrypted and allowed employees to search for them.

Assistant Commissioner Graham Doyle said it was “widely accepted” that user passwords should not be stored in plain text “given the risks of misuse”.

Meta said a security audit found that a “subset” of Facebook users’ passwords had been “temporarily logged in a readable format.”

“We took immediate action to resolve this error and there is no evidence that these passwords were misused or accessed unlawfully,” the company said in a statement. “We proactively reported this issue to our lead regulator, the Irish Data Protection Commission, and engaged constructively with them throughout the investigation.”

It is the latest in a series of hefty fines against Meta and its social media platforms by the Dublin-based watchdog, which is the company’s lead regulator under the EU’s 27-nation strict data protection rules. These include a €405 million fine for Instagram for misusing teenagers’ data, a €5.5 million fine related to WhatsApp and a €1.2 billion fine for Meta for transatlantic data transfers.