Ex-Meta employee being investigated for downloading 30,000 private Facebook photos
What's the story
A former Meta employee is being investigated by the UK police for allegedly downloading around 30,000 private Facebook images. The individual, who worked for Meta and lives in London, is said to have developed a program that helped him access these pictures while bypassing internal security checks. A specialist detective from the Metropolitan Police's cybercrime unit has launched a criminal probe into this alleged violation of Facebook users' privacy.
Company statement
Meta discovered the breach over a year ago
Meta has confirmed that it discovered the suspected breach over a year ago and referred the matter to UK police. The company also said that affected Facebook users were notified about the incident, while the suspect was sacked from his position. In addition, Meta has upgraded its security systems in light of this incident. The man under investigation is currently on police bail as the criminal probe continues.
Incident specifics
Allegations against the former employee
Court documents show that the former Meta employee is accused of accessing and downloading some 30,000 private pictures belonging to Facebook users while working for the company. He allegedly created a script intended to bypass Meta's internal detection systems, enabling him to do so. Two weeks ago, two magistrates agreed to change the man's police bail conditions requiring him to report back in May and inform officers about any overseas travel plans.
Data security
Meta's stance on the ongoing investigation
A Meta spokesperson confirmed the ongoing criminal investigation, stressing that protecting user data is their top priority. "After discovering improper access by an employee over a year ago, we immediately terminated the individual, notified users, referred the matter to law enforcement and enhanced our security measures," the spokesperson said. The representative also added that they are cooperating with the ongoing investigation.
Laws
Legal implications of unauthorized access to personal data
Jon Baines, a senior data protection specialist at law firm Mishcon de Reya, explained the potential legal consequences of an employee accessing personal data without authorization. He said such actions could lead to violations of data protection and computer misuse laws. However, if the employer has proper technical and organizational measures in place to prevent or detect unauthorized access, it may not be held liable for the actions of rogue employees.