A former Meta employee is under criminal investigation in the United Kingdom over allegations that he accessed and downloaded private Facebook user data without authorization, according to reports and official statements.
The case involves a London-based engineer who is suspected of downloading approximately 30,000 private images belonging to Facebook users while working at the company. Authorities allege that the individual created a custom script designed to bypass internal security systems, allowing access to data that would normally be restricted.
The investigation is being handled by the Metropolitan Police’s cybercrime unit. The suspect is currently on bail while the inquiry continues, with legal proceedings expected to develop as authorities review the evidence.
Meta confirmed that it identified the incident internally more than a year ago. According to the company, it took immediate action after discovering the unauthorized activity. The employee was dismissed, affected users were notified, and the case was referred to law enforcement in the UK.
The alleged breach did not involve an external hack but rather the misuse of internal access by an employee. Reports indicate that the individual was able to evade detection systems during the activity, raising questions about how internal safeguards functioned at the time.
Meta stated that it has since updated and strengthened its security measures to prevent similar incidents. The company emphasized that it continues to invest in monitoring tools and internal controls designed to detect unusual access patterns and unauthorized data use.
Regulators are also aware of the case. The UK Information Commissioner’s Office has acknowledged the incident, although it has not announced any enforcement action at this stage.
The situation highlights ongoing concerns around insider threats in large technology companies, where employees may have elevated access to sensitive systems. While external cyberattacks often draw more attention, cases involving internal misuse can expose significant amounts of user data if not detected quickly.