Meta faced a significant penalty on Friday, receiving a fine exceeding $100 million from the European Union's privacy regulator due to a security breach related to Facebook user passwords.

The Irish Data Protection Commission imposed a fine of 91 million euros ($101.6 million) after conducting an investigation into the matter.

The inquiry began in 2019 when Meta informed the commission that certain passwords had been unintentionally stored in plain text, meaning they were not encrypted and could be accessed by employees.

Deputy Commissioner Graham Doyle emphasized that it is “widely accepted” that user passwords should never be stored in plain text due to the potential for misuse.

Meta acknowledged that a security review revealed that a “subset” of Facebook users’ passwords had been “temporarily logged in a readable format.”

“We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly,” the company said in a statement. “We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.”

This fine adds to a series of substantial penalties imposed on Meta and its social media platforms by the Dublin-based regulator, which serves as the company's primary overseer under the EU's rigorous data privacy regulations. Previous fines include 405 million euros for Instagram regarding the mishandling of adolescent data, a 5.5 million euro penalty related to WhatsApp, and a 1.2 billion euro fine concerning transatlantic data transfers.