Facebook could be hit with a massive fine by a European Union privacy watchdog after the company announced on Friday (Sept 28) that it had suffered a data breach that compromised the accounts of more than 50 million users.
Ireland’s Data Protection Commission, which is Facebook’s lead privacy regulator in Europe, has requested more information from the company about the breach, including which EU residents might be affected.
It could fine Facebook as much as $1.63 billion if regulators find the company violated the bloc’s strict new data privacy law. Under its General Data Protection Regulation (GDPR), companies that fail to safeguard their users’ data could face a maximum fine of €20 million ($23 million), or 4 percent of a firm’s global annual revenue for the prior year, whichever is higher.
In an emailed statement, the regulator said it is “concerned at the fact that this breach was discovered on Tuesday and affects many millions of user accounts but Facebook is unable to clarify the nature of the breach and the risk for users at this point,” according to the Wall Street Journal.
A spokeswoman for Facebook said that the company intends to answer the DPC’s questions, as well as keep regulators informed of further developments.
Last week, the social media giant revealed that around 50 million of its users had their data exposed through an attack on its network. Facebook found that attackers were able to take control of user accounts through a function within the platform’s code.
Facebook had the vulnerability fixed and reached out to authorities. More than 90 million users had to log out of their accounts as a result of the breach, which has been described as a typical measure taken with compromised accounts.
“We’re taking it really seriously,” Facebook Chief Executive Mark Zuckerberg told reporters in a conference call. “We have a major security effort at the company that hardens all of our surfaces.”
Zuckerberg added, “I’m glad we found this. But it definitely is an issue that this happened in the first place.”