2 hours ago
7
A former worker at Meta is under criminal investigation on suspicion of downloading about 30,000 private Facebook images.
He was employed by the social media company when it is believed he designed a program to be able to access the pictures while avoiding internal security checks.
A specialist detective from the Metropolitan police’s cybercrime unit is investigating the alleged invasion of Facebook users’ privacy.
Meta told the Press Association that the suspected breach had been discovered more than a year ago and that the company itself had referred the matter to police in the UK.
It added that affected Facebook users had been notified, the suspect had been sacked and it had upgraded its security systems.
The man under suspicion, who lives in London, is on police bail while the criminal investigation continues.
According to court papers seen by the Press Association, police say he “is alleged to have accessed and downloaded approximately 30,000 private images belonging to Facebook users whilst working for Meta”.
“It is alleged that he created a script designed to circumvent Meta’s internal detection systems, allowing him to do so.”
Two weeks ago, two magistrates agreed to vary the man’s police bail so that he must next report to Met officers in May and inform the force of any plans for foreign travel.
A Meta spokesperson confirmed the existence of the criminal investigation, saying: “After discovering improper access by an employee over a year ago, we immediately terminated the individual, notified users, referred the matter to law enforcement and enhanced our security measures.
“We are co-operating with the ongoing investigation.” It added that protecting user data was its top priority.
Meta, which also owns WhatsApp, suffered a landmark court defeat alongside Google last month after being accused of failing to protect its users from harm.
A court in Los Angeles found the companies liable for a woman’s childhood social media addiction, in a ruling which could have widespread ramifications for the way the platforms are operated in the future.
Jon Baines, a senior data protection specialist at the law firm Mishcon de Reya, said: “When an employee accesses personal data, such as images of customers, without the employer’s authorisation, there is the potential for offences under data protection and computer misuse laws to be committed by that employee.
“The general approach will be that, provided the employer – here, Meta – has appropriate technical and organisational measures in place to prevent, or at least detect, the unauthorised access, it will not itself be liable: the law doesn’t seek to punish responsible organisations for the actions of rogue employees.
“That said, if the information commissioner – or a court – were to decide that Meta had not had appropriate technical and organisational measures in place to protect customer data, then Meta (or another organisation in similar circumstances) might potentially be liable to significant fines, or to legal claims for damages.”
A spokesperson for the Information Commissioner’s Office (ICO) said: “We are aware of this incident … Social media users should be able to trust that their personal information is handled responsibly.”
