Close this search box.

Meta Hit with $20 Million Penalty for VPN Data Mining


In a recent and dramatic data privacy violation, Meta, the technology giant, was met with a substantial penalty – a staggering $20 million fine 

Onavo: Protect or Collect? 

Meta’s VPN service, Onavo Protect, was not as safe as users believed. Users saw it as a shield for their data, but it had a hidden agenda. It was collecting user data in the background, all the while keeping users in the dark. This case exposed a hidden risk of VPN misuse and emphasised the importance of transparency in data handling. 

Users Unknowingly Exposed 

Users believed they were safe, thanks to Meta’s VPN. It was promoted as a solution to preserve their online privacy, a sturdy digital shield. But unbeknownst to them, their online activity was being monitored and logged, their supposedly private data fed into Meta’s databases. Meta, it seems, was offering security with one hand while taking away privacy with the other.  

Meta's Onavo: from privacy promise to a $20 million privacy penalty.

Repercussions Beyond Financial Losses 

The financial burden imposed on Meta is clear and substantial. But perhaps more damaging is the invisible cost – a serious dent in Meta’s reputation and the trust that users placed in it. Let’s not forget, the fallout from a data breach isn’t just about dollars and cents – it reaches deep into the realm of relationships and trust. 

The Larger Ramifications of Meta’s VPN Data Breach 

Why does Meta’s VPN data breach matter to you? It’s not just about the millions potentially affected. It’s a wake-up call. When using services like a VPN, we trust companies with our data. In this case, that trust was exploited.  

Personal Data Protection 

This incident highlights just how important it is to protect our own data. It’s up to us to read privacy policies carefully, especially for free services. For easy-to-understand tips and strategies, visit our comprehensive Cyber Security Guide. 

Cyber Safety Tips for Individuals: 

  • Always read privacy policies: Understand what data an app collects and how it’s used before downloading. 
  • Use reputable security apps: They can monitor and protect your data from being misused. 
  • Update apps regularly: Updates often include important security patches. 
  • Opt for a paid, trusted VPN: Free VPNs often make their money through selling user data. A paid service generally provides better privacy protection.  

Cyber Safety Tips for Businesses: 

  • Be transparent: Clearly communicate how you collect, use, and store customer data. 
  • Regularly review and update your privacy policy: Laws and regulations change, so ensure your policies stay current. 
  • Adhere to Australian standards and best practices: Complying with these helps ensure you’re meeting your obligations, and engaging Governance, Risk and Compliance Services can help manage this complexity. 
  • Invest in robust security measures: These can prevent data breaches and boost customer trust. 
  • Promote user education: Help customers understand their role in data security. This can enhance your reputation and relationships. 
Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →