Ireland’s data protection authority has launched an inquiry into Facebook over a breach of personal data.
The personal details of more than 530 million Facebook users were found available on a website for hackers last week.
According to the cybercrime intelligence firm Hudson Rock, as many as 533 million Facebook accounts had their phone numbers, email addresses, and dates of birth compromised.
Users from 106 countries were reportedly affected, including more than 35 million accounts in Italy and almost 20 million accounts in France.
On Wednesday, Ireland’s Data Protection Commission confirmed that they were investigating whether personal data rights had been infringed in the European Union.
“The DPC engaged with Facebook Ireland in relation to this reported issue, raising queries in relation to GDPR compliance to which Facebook Ireland furnished a number of responses,” the authority said in a statement.
Facebook had acknowledged the data breach, saying that “malicious actors” were responsible, but said the breach was not new.
“We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019,” said Mike Clark, Facebook’s director of Product Management.
“This feature was designed to help people easily find their friends to connect with on our services using their contact lists.”
Facebook added that the hacked material did not include financial information, health information, or passwords, and say they had taken action to prevent similar breaches from occurring in the future.
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” Clark said in a statement.
However, the platform has been widely criticised for failing to apologise for the hack, and not learning lessons from previous breaches. It is not clear if Facebook notified affected users at the time.
Ireland’s Data Protection Commission initially said it was working to establish the full facts of the incident, to check it was indeed from 2019, and added that they had received no proactive communication from Facebook.
Since Facebook’s European headquarters are based in Dublin, the company answers to the Irish Data Protection Commission in the European Union.
The social network’s reputation was tarnished in 2018 by the Cambridge Analytica scandal when a British firm hijacked the personal data of up to 87 million Facebook users for political propaganda purposes.
Facebook has not yet commented on the latest inquiry.