In a shocking turn of events, a former Meta employee is under investigation by the Metropolitan Police for allegedly downloading approximately 30,000 private photographs of Facebook users. The engineer, residing in London, is suspected of crafting a programme that allowed him to bypass security protocols and gain unauthorised access to personal images on the platform. This breach raises serious concerns about data security and privacy within one of the world’s largest social media networks.
Details of the Investigation
According to reports, the breach was uncovered over a year ago, prompting immediate action from Meta. A spokesperson for the tech giant confirmed that the company terminated the employee’s contract and promptly alerted law enforcement authorities. The Metropolitan Police have since taken over the case, with a spokesperson revealing that a man in his 30s was arrested in November 2025 for suspected unauthorised access to computer material. After his arrest, he was released on bail and is scheduled to report back to the police in May.
FBI Involvement
Adding another layer to this unfolding story, the investigation has been bolstered by a referral from the Federal Bureau of Investigation (FBI) in the United States. Officers from the Metropolitan Police’s Cybercrime Unit are now diligently examining the circumstances surrounding the data breach. This collaboration hints at the seriousness of the situation, reflecting a broader concern over tech companies’ data protection measures.
Meta’s Response
In light of the breach, Meta has taken steps to inform the affected Facebook users whose images were compromised. The company has also committed to enhancing its security measures to prevent future incidents. This breach is not an isolated case; it follows a troubling trend of security lapses at Meta. In November 2022, the Irish Data Protection Commission fined Meta €265 million (£228 million) due to the exposure of personal data affecting hundreds of millions of users.
Ongoing Legal Troubles
The saga doesn’t end there. In September 2024, the Irish Data Protection Commission found that Meta had incorrectly stored users’ passwords without encryption, leading to a hefty €91 million (£75 million) fine. Moreover, the company has been embroiled in legal disputes concerning the addictive nature of its apps. A recent case in California resulted in a jury awarding $6 million (£4.5 million) to a young woman, known as Kaley, for the mental health repercussions attributed to the addictive design of Meta’s platforms, which include Facebook, Instagram, and WhatsApp. Meta and Google, the latter also implicated in the case, have expressed their intention to appeal the verdict.
Why it Matters
This latest incident highlights the urgent need for robust data security protocols within tech companies, particularly those handling vast amounts of personal information. As users become increasingly aware of their digital rights and the risks associated with data breaches, companies like Meta must not only bolster their security frameworks but also rebuild trust with their user base. The implications of this investigation may resonate far beyond the individuals directly affected, potentially shaping future regulations and user expectations regarding privacy in the digital age.