In a shocking turn of events, a former Meta employee is currently under scrutiny by the Metropolitan Police for allegedly downloading an astonishing 30,000 private photographs from Facebook users. This incident, which raises serious concerns about data privacy and security, has prompted an investigation that underscores the ongoing challenges faced by tech giants in safeguarding user information.
The Allegations Unfold
The engineer, whose identity has not been disclosed, is believed to have devised a clever method to bypass Meta’s security protocols. Residing in London, the individual reportedly created a program that enabled access to personal photos without triggering any alarms. This breach was detected over a year ago, leading Meta to terminate the employee’s contract and promptly alert law enforcement authorities.
A spokesperson from Meta confirmed to the BBC that the incident was taken seriously, stating, “We immediately dismissed the individual and referred the matter to the relevant authorities.” The Metropolitan Police have since confirmed that a man in his thirties was arrested in November 2025 on charges of unauthorised access to computer material. Following his arrest, he was released on bail, with a requirement to report back to police in May.
The Ongoing Investigation
This case is now in the hands of the Metropolitan Police’s Cybercrime Unit, which is collaborating with the Federal Bureau of Investigation (FBI) in the United States. The cross-border nature of this investigation highlights the complexities of cybersecurity in today’s interconnected digital landscape.
Meta has stated that it has informed the affected Facebook users about the breach and has since implemented enhancements to its security framework to prevent similar incidents in the future. However, this latest breach is just one of several security issues that have plagued the company in recent years.
A Pattern of Security Breaches
The incident comes in the wake of several critical findings against Meta regarding its handling of user data. In November 2022, the company faced a hefty fine of €265 million (£228 million) from the Irish Data Protection Commission (DPC) for a breach that exposed the personal information of millions of users. More recently, in September 2024, the DPC discovered that Meta had inadvertently stored user passwords in an unencrypted format, resulting in an additional fine of €91 million (£75 million).
Beyond data breaches, Meta has also encountered legal challenges regarding the addictive nature of its platforms. In March, a jury in California ruled in favour of a young woman, awarding her $6 million (£4.5 million) in damages after determining that both Meta and Google had intentionally designed their social media applications to be addictive, negatively impacting users’ mental health. Both companies have expressed their intention to appeal the verdict.
Why it Matters
This investigation highlights a troubling trend in the tech industry, where user privacy is sometimes compromised for profit or oversight. As data breaches become increasingly common, users must remain vigilant about their digital footprints. The actions of this former employee not only breach trust but also serve as a stark reminder of the importance of robust cybersecurity measures. As Meta and other tech giants strive to restore public confidence, the outcomes of such investigations could shape the future of data protection laws and user rights in the digital age.
