Ireland's Data Protection Commissioner has fined Meta €251 Million over the September 2018 personal data breach.

The categories of personal data affected included: user’s full name; email address; phone number; location; place of work; date of birth; religion; gender; posts on timelines; groups of which a user was a member; and children’s personal data. The breach arose from the exploitation by unauthorised third parties of user tokens[1] on the Facebook platform. The breach was remedied by MPIL and its US parent company shortly after its discovery.

[dataprotection.ie...]