Meta, the company which owns Facebook, Instagram and WhatsApp, has been fined €265m (£228m) by the Irish Data Protection Commission (DPC).
The fine is over a data breach that saw the personal details of hundreds of millions of Facebook users published online.
Phone numbers and email addresses of up to 533m users appeared on an online hacking forum.
The DPC launched an investigation in April 2021.
Facebook said at the time that the information, some of which had already appeared online a number of years ago, was “scraped”, but not hacked, by malicious actors through a vulnerability in its tools prior to September 2019.
“Scraping” uses automated software to lift public information from the internet that can then end up being distributed in online forums.
However, the DPC found that Meta was in breach of Article 25 of General Data Protection Regulation (GDPR) rules.
Back in September, Meta lodged an appeal in the High Court against a record fine of €405m imposed on Instagram by the DPC.
It was the largest fine ever handed down by the Irish data watchdog and was issued for breaches relating to the processing of children’s data.