A former Meta employee is currently at the center of a criminal investigation conducted by British authorities.
The charge against him is serious: the man is suspected of illicitly taking around 30,000 private images belonging to Facebook members.
According to findings from early investigations, conducted by a specialized investigator from the Metropolitan Police’s Cyber Crime Unit, the suspect would have acted while still regularly employed by the large tech company.
Download of 30,000 private photos from Facebook, former Meta employee under accusation
Judicial documents reviewed by the Press Association reveal precise details about the method used to carry out the massive data exfiltration.
The individual purportedly developed a specific software program, a tailor-made script to bypass the company’s strict internal security controls, enabling him to access restricted content undetected.
Currently, the man, living in London, is on bail. The conditions set by two judges require the exact duty to report to law enforcement in May and to inform in advance of any travel plans outside national borders.
Company reaction and countermeasures implemented
The breach was discovered more than a year ago. The multinational, which also owns the WhatsApp messaging service, officially confirmed the existence of the ongoing investigation through a spokesperson.
Once the improper access to the company’s IT systems by its employee was detected, the leadership’s reaction was immediate: the worker was fired on the spot, users whose photo archives were compromised were notified promptly, and the entire incident was reported to UK authorities by the company on its own initiative.
The company’s leadership also sought to reassure users, stressing that the defense systems had been promptly updated to absolutely prevent a recurrence of similar intrusions.
The company reiterated its unconditional cooperation with British investigators, stressing that the protection of personal information and privacy safeguarding remain the absolute priorities for the entire social network infrastructure.
Legal responsibility and personal data protection
Legally, the unfortunate case raises very delicate questions regarding the direct responsibilities of large digital platforms.
Jon Baines, a senior data protection specialist at the law firm Mishcon de Reya, has clearly outlined the possible implications of an event of this scale. An employee who accesses sensitive information, such as customers’ personal images, without any authorization, faces heavy charges related to cybercrime and breach of confidentiality.
However, the employer might not be legally liable if it can demonstrate that it has implemented technical and organizational measures fully adequate to prevent or at least promptly detect a potential breach.
The overall legal stance, in fact, does not aim to penalize diligent companies for illicit actions by disloyal staff.
Conversely, should the Information Commissioner’s Office (ICO) or a court of law determine that Meta’s IT protocols were not sufficient to guarantee the inviolability of customer information, the company would face significant monetary penalties or substantial compensation claims from victims.
A spokesperson for the ICO has already confirmed that the regulator is actively monitoring the incident, publicly reminding that users must always be able to rely on the secure and responsible handling of their digital life fragments.
