Meta was punished Friday with a fine worth more than $100 million from the social media giant’s European Union privacy regulator over a security lapse involving passwords for Facebook users.

The Irish Data Protection Commission said it slapped the U.S. tech company with the 91 million euro ($101.6 million) penalty following an investigation.

The watchdog started investigating in 2019 after it was notified by Meta that some passwords had been inadvertently stored internally in plain text, which means they weren’t encrypted and it was possible for employees to search for them.