Irish data watchdog opens investigation into Facebook breach

Ireland’s internet privacy regulator has opened an investigation into the massive data breach Facebook announced last week affecting at least 50 million users.

The Data Protection Commission on Wednesday announced that it would probe whether Facebook was complying with the EU’s sweeping new internet privacy law, the General Data Protection Regulation (GDPR).

The investigation will focus on if Facebook is working to “implement technical and organisational measures to ensure the security and safeguarding of the personal data it processes,” the regulator said in a statement.

{mosads}Facebook announced last Friday that hackers had exploited a vulnerability in the social network to gain access to at least 50 million user accounts, though it is still investigating the full extent of the breach. Facebook identified the hack on the Tuesday before the announcement.

“We have been in close contact with the IDPC since we have become aware of the security attack and will continue to cooperate with their investigation,” a Facebook spokesperson said in a statement.

The GDPR, which went into effect in May, regulates how companies must respond to data breaches, requiring them to notify authorities within 72 hours of discovering an incident. If authorities find that Facebook did not do enough to have prevented the breach, the company could be subjected to massive fines up to 4 percent of its global revenue or around $1.6 billion.