European privacy regulators are considering imposing up to $1.63 billion in fines over Facebook’s latest data breach, which exposed the data of at least 50 million user accounts, according to reporting by the Wall Street Journal on Sunday. The data breach, which was revealed Friday, is a major black eye for the social network, as it impacted users who used the site’s popular “View As” feature, a privacy tool that lets users see how their Facebook profile page looks to visitors, including people who they are not ‘friends’ with on the site.
According to the Journal, Facebook’s lead European privacy regulator, Ireland’s Data Protection Commission (DPC), wants more details from the social network about the data breach’s scope, including information on EU users that were impacted. The DPC said in an email to the Journal that it is “concerned at the fact that this breach was discovered on Tuesday and affects many millions of user accounts but Facebook is unable to clarify the nature of the breach and the risk for users at this point.” The DPC has also posted updates about its inquiry to its Twitter account:
.@DPCIreland is awaiting from Facebook further urgent details of the security breach impacting some 50m users, including details of EU users which have been affected, so that we can properly assess the nature of the breach and risk to users. #dataprotection #GDPR #eudatap https://t.co/3oM3BSaSBS
— Data Protection Commission Ireland (@DPCIreland) September 30, 2018
According to Facebook, users’ passwords were not revealed in the data breach, though impacted accounts did have to re-log into the social network on Friday. Here’s how to tell if your account was impacted by Facebook’s data breach, if you’re unsure.
In response to the Journal‘s report, a Facebook spokeswoman said Sunday that the company will answer the DPC’s questions, as well as provide regulators with further updates.
This issue is unlikely to go away soon for Facebook, as Europe’s General Data Protection Regulation is much more stringent than U.S. privacy requirements.
