Former Meta employee accused of downloading 30,000 Facebook user images

A former Meta employee based in London is under criminal investigation for allegedly downloading approximately 30,000 private Facebook images. The engineer is suspected of designing a specialised script to bypass internal security and detection systems during his tenure at the social media company. The Metropolitan Police Service (MPS) cybercrime unit launched the investigation after Meta discovered the personal data breach over a year ago and referred the matter to UK authorities.

Meta confirmed that the individual was sacked immediately following the discovery. The company has since upgraded its security systems and notified affected users. According to court documents, the engineer, who is currently on police bail, is accused of accessing private images while employed at the company.

A spokesperson for Meta stated that protecting user data remains the company's top priority and confirmed full cooperation with the ongoing investigation. 

In comments given to ITV News, data protection specialist Jon Baines said: "When an employee accesses personal data, such as images of customers, without the employer's authorisation, there is the potential for offences under data protection and computer misuse laws to be committed by that employee.

"The general approach will be that, provided the employer – here, Meta – has appropriate technical and organisational measures in place to prevent, or at least detect, the unauthorised access, it will not itself be liable: the law doesn't seek to punish responsible organisations for the actions of rogue employees.

"That said, if the Information Commissioner – or a court – were to decide that Meta had not had appropriate technical and organisational measures in place to protect customer data, then Meta (or another organisation in similar circumstances) might potentially be liable to significant fines, or to legal claims for damages."

Training Announcement: Freevacy offers a range of independent data protection qualifications from IAPP and BCS. Our certified courses are available at foundation and practitioner levels and cover multiple legal jurisdictions, data protection operations management, and the implementation of complex privacy solutions in technical environments. Find out more.