The ICO also announced it proposes to bring criminal action against SCL Elections, the parent company of Cambridge Analytica (CA), for allegedly failing to comply with an enforcement notice and allow access to the data it held.
The fine "sends a clear signal that I consider this a significant issue, especially when you look at the scale and the impact of this kind of data breach", said Information Commissioner Elizabeth Denham.
"We have been working closely with the Information Commissioner's Office in their investigation of Cambridge Analytica, just as we have with authorities in the USA and other countries", he added.
If the data leak would had taken place after the new GDPR rules which came into action on May 25, the fine levied could have been much higher.
Don't miss out on the latest news and information.
USA regulators are still investigating Facebook's handling of consumer data and how it has worked with third-parties like Cambridge Analytica.
Facebook will have the opportunity to respond to the commissioner before a final decision is made, something the company said it would do soon.
ICO also called for an "ethical pause" of microtargeting ad tools to "allow the key players - government, parliament, regulators, political parties, online platforms and citizens - to reflect on their responsibilities in respect of the use of personal information in the era of big data before there is a greater expansion in the use of new technologies".
Facebook admitted in April that as many as 87 million people could have had their data shared with Cambridge Analytica, the now-defunct data firm used by the Trump campaign during the 2016 election.
The New York Times notes that the United Kingdom watchdog's fine is Facebook's first penalty, but it may herald more punitive action against the company.
Sen. Mark Warner, D-Va., the top Democrat on the Senate Intelligence Committee, said in a statement to CNN that Facebook's relationship with Mail.Ru deserved further scrutiny.
The ICO investigation found that Facebook "contravened the law by failing to safeguard people's information" and didn't inform its users "about how their information was harvested by others".
Facebook's Egan referred to the numerous investigations involving the company.
The regulator said Facebook broke the law because it failed to protect people's information, and because it wasn't transparent about how its users' data was being harvested by third parties.
In Facebook's case this would amount to around US$1.6 billion (€1.4 billion).
ICO, which does not normally publish its findings, said it would give the public another update on its investigation in October.
David Carroll, an academic who is attempting to recover his data from Cambridge Analytica, said the report strengthened his legal challenge.