Meta confirmed a breach was discovered over a year ago, the employee involved was terminated, affected users were notified, police referred the case, and security measures were upgraded; the suspect is on police bail and due to report to Met officers in May with any travel plans.

The Metropolitan Police cybercrime unit is leading the investigation, with court papers indicating the alleged actions involved accessing private images without authorization.

The ICO underscored ongoing engagement with Meta and stressed the importance of protecting users’ rights and freedoms in data handling.

The case is framed within broader regulatory and legal challenges facing Meta and other tech companies.

Legal experts say the core issue involves potential breaches of data protection and computer misuse laws, with employer responsibility tied to the effectiveness of technical and organizational measures against unauthorized access.

The report notes a broader regulatory landscape, including the LA ruling holding Meta and others liable for harms related to children’s social media use.

Background context includes a 2018 Facebook bug affecting up to 6.8 million users and a 2024 Irish Data Protection Commission fine for plaintext password storage, underscoring ongoing data-protection concerns for Meta.

This incident adds to Meta’s security and regulatory challenges, including a 2022 €265 million Irish fine over a large data breach and ongoing legal battles over app design and privacy issues.

Legal experts note that if Meta lacked robust technical and organizational measures, it could face liability or damages, though generally employers aren’t liable for rogue employees if safeguards exist.

Commentary from Jon Baines of Mishcon de Reya explains that employers are typically not liable for rogue employees if adequate security measures are in place, but insufficient safeguards could invite liability; ICO emphasizes ongoing engagement to safeguard user rights.

The Information Commissioner’s Office stated awareness of the incident and highlighted public trust in how personal information is handled.

The article references a recent Los Angeles court ruling involving Meta and Google over harms linked to children’s social media use, illustrating wider regulatory pressure on platforms.