A former employee of Meta is currently facing a criminal investigation for allegedly downloading around 30,000 private images from Facebook. During his tenure at the social media giant, it is suspected that he developed a program that enabled him to access these photos while bypassing internal security protocols.
The investigation is being conducted by a specialized detective from the Metropolitan Police’s cybercrime unit, focusing on the purported breach of privacy affecting Facebook users. Meta confirmed to the Press Association that the incident was identified over a year ago, prompting the company to report the matter to British authorities.
Meta stated that they have informed the users impacted by the breach, terminated the suspect’s employment, and enhanced their security measures as a precaution. The individual, who resides in London, is currently released on police bail as the investigation proceeds.
According to court documents reviewed by the Press Association, law enforcement claims that the suspect is accused of accessing and downloading approximately 30,000 private user images while employed at Meta. It is alleged that he created a script specifically designed to evade Meta’s internal detection systems, facilitating this unauthorized access.
Recently, two magistrates approved a modification of the man’s police bail conditions, requiring him to report to the Metropolitan Police in May and to notify them of any travel plans outside the country.
A Meta representative confirmed that the criminal investigation is ongoing, emphasizing that the company took immediate action upon discovering the unauthorized access over a year ago. They noted, “We promptly terminated the individual, alerted the affected users, referred the case to law enforcement, and strengthened our security measures. Protecting user data remains our highest priority.”
In a separate matter, Meta, alongside Google, faced a significant legal defeat last month when a court in Los Angeles held both companies accountable for failing to safeguard users from harm related to social media addiction, particularly concerning a woman’s experiences during her childhood. This ruling may have substantial implications for the operational practices of social media platforms moving forward.
Jon Baines, a senior data protection expert at the law firm Mishcon de Reya, commented on the situation, stating, “When an employee accesses personal data, including customer images, without authorization, it could lead to violations of data protection and computer misuse laws. Generally, if the employer, in this case Meta, has implemented adequate technical and organizational measures to prevent or at least detect unauthorized access, they would not be held liable, as the law does not penalize responsible organizations for rogue employee actions.”
However, he cautioned that if the Information Commissioner or a court determined that Meta lacked appropriate measures to protect customer data, the company could face significant fines or legal claims for damages.
A spokesperson for the Information Commissioner’s Office (ICO) remarked, “We are aware of this incident. Social media users should be able to trust that their personal information is managed responsibly.”
