Facebook has been fined £500,000 ($644,600) in the U.K. after the country’s privacy watchdog said it had carried out “serious breaches of data protection.”
The Information Commissioner’s Office (ICO) said Thursday that the personal information of at least 1 million U.K. users had been harvested by Facebook and subsequently put at risk.
The ICO said the relevant data, processed between 2007 and 2014, was accessible to third-party developers without any consent being granted by the Facebook users.
The watchdog originally notified its intention to implement its maximum possible fine back in July.
Confirming the decision, the Information Commissioner Elizabeth Denham said the social media giant had failed to keep personal information secure.
“Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data. A company of its size and expertise should have known better and it should have done better,” she said in a statement.
The fine arose following the ICO’s report investigating whether personal data had been misused by political campaigns during the 2016 referendum on the U.K.’s membership of the European Union.
One firm, Cambridge Analytica, which found itself at the center of Facebook’s data scandal earlier this year, was found to have shared data gathered from the social network’s users to target political advertising in the U.S.
Facebook recorded a second-quarter net income of $5.1 billion in July. The earnings figure, along with a projected slowdown in users, resulted in a steep sell-off in the company’s stock.
Facebook reports third-quarter results on Tuesday.