Brussels (Brussels Morning) Irish regulators have launched an inquiry into a personal data breach at Facebook, allegedly affecting more than 500 million users worldwide. As Facebook operates in Europe through its subsidiary in Ireland, it is up to Dublin to investigate potential damage done to European citizens, Deutsche Welle reported.
The Facebook breach resulted in leaks of troves of personal data, including names, Facebook IDs, phone numbers, locations, birthdates and e-mail addresses of some 533 million users from more than 100 countries.
According to Ireland’s Data Protection Commission (DPC), Facebook has possibly broken “one or more provisions” of both EU and Irish law. The DPC confirmed that it has already received “a number of responses” from Facebook.
In a blog post published last week, Facebook attempted to downplay the breach, claiming it was related to data scraped or obtained by hackers using its contact importer tool, and that the breach occurred sometime before September 2019. The post noted that the security hole used in the breach has been fixed in the meantime.
However, Facebook could still face legal trouble since the company indirectly confirmed it has known about the breach for more than a year, whereas EU regulations require companies to inform their clients whenever their personal data is compromised.
The company issued a statement saying it is cooperating “fully” with the Irish regulators It notes that the inquiry “relates to features that make it easier for people to find and connect with friends on our services”. According to a company spokesman, these “features are common to many apps and we look forward to explaining them and the protections we have put in place”.
Companies found to be in breach of the EU General Data Protection Regulation (GDPR), which regulates citizens’ rights regarding the use of their personal data by firms, can be fined up to 4% of their annual revenues – which would come to some 3.4 billion dollars for Facebook, given its 2020 revenues of around 86 billion dollars.