The Irish Data Protection Commissioner will launch a formal investigation into the Facebook data breach that saw the personal information of hundreds of millions of users exposed online.
The regulator was already in the process of examining claims the data was lifted as far back as 2019, but has now come to the conclusion that data protection laws may have been violated by the social media company.
In a statement, Facebook said it intends to cooperate fully with the investigation and looks forward to explaining the factors that led to the breach and the protections in place to shield user data.
- We've built a list of the best password managers available
- Here's our list of the best business password managers around
- Check out our list of the best secure password generators
Facebook data breach
Earlier this month, it emerged Facebook had suffered a large scale data incident that compromised the personal information of hundreds of millions of users from across the globe.
Made possible by a bug in the platform’s contact syncing feature, the leak is said to have affected 533 million users from 106 different countries, exposing users’ names, email addresses, phone numbers and more.
After the incident came to light, Facebook drew further criticism for refusing to notify the individuals whose data had been exposed, leaving people to investigate of their own accord. Asked to justify the decision, a spokesperson explained the company does not yet have a full understanding of the specific users caught up in the breach.
Facebook was also eager to clarify that the data was not stolen via hacking, but rather scraped from the platform. The company claims the attacker had abused a vulnerability that was identified and patched in 2019, which would suggest data housed on its platform today is not at immediate risk.
Nonetheless, the Data Protection Commission believes the company may have violated “one or more provisions of the GDPR and/or Data Protection Act” in its handling of user data.
“Accordingly, the commission considers it appropriate to determine whether Facebook Ireland has complied with its obligations, as data controller, in connection with the processing of personal data of its users,” said the regulator.
- Here's our list of the best identity theft protection services around