A former Meta employee is under criminal investigation by the Metropolitan Police after being accused of downloading 30,000 private images from Facebook.
A former Meta employee has been accused of downloading 30,000 private images from Facebook.
The man, who is under criminal investigation, was employed by the social media giant when it is thought that he designed a programme that enabled him to access the pictures while evading security checks.
A specialist detective from the Metropolitan Police’s cybercrime unit is investigating the alleged invasion of Facebook users’ privacy.
Meta explained that the suspected breach had been discovered over a year ago and the company itself had referred the matter to the police.
It added that the affected Facebook users had been notified, the suspect had been sacked from his role and it had upgraded its security systems.
The man under suspicion lives in London and is on police bail while the investigation continues.
According to court papers, police say he “is alleged to have accessed and downloaded approximately 30,000 private images belonging to Facebook users whilst working for Meta”.
They added: “It is alleged that he created a script designed to circumvent Meta’s internal detection systems, allowing him to do so.”
A Meta spokesperson has confirmed the existence of the criminal investigation, stating: “After discovering improper access by an employee over a year ago, we immediately terminated the individual, notified users, referred the matter to law enforcement and enhanced our security measures.
“We are co-operating with the ongoing investigation.”
Jon Baines, a senior data protection specialist at the law firm Mishcon de Reya, said: “When an employee accesses personal data, such as images of customers, without the employer’s authorisation, there is the potential for offences under data protection and computer misuse laws to be committed by that employee.
“The general approach will be that, provided the employer – here, Meta – has appropriate technical and organisational measures in place to prevent, or at least detect, the unauthorised access, it will not itself be liable: the law doesn’t seek to punish responsible organisations for the actions of rogue employees.
“That said, if the information commissioner – or a court – were to decide that Meta had not had appropriate technical and organisational measures in place to protect customer data, then Meta (or another organisation in similar circumstances) might potentially be liable to significant fines, or to legal claims for damages.”
Former Meta employee accused of downloading 30,000 private Facebook images
