
Facebook is under investigation in the EU for its massive leak of 533 million people's data - and it could face a fine in the billions

A European regulator announced that it's investigating Facebook over a leak of 533 million people's data.

Article originally published by Business Insider. Hargreaves Lansdown is not responsible for its content or accuracy and may not share the author's views. News and research are not personal recommendations to deal. All investments can fall in value so you could get back less than you invest.

  • A European regulator announced that it's investigating Facebook over a leak of 533 million people's data.
  • Ireland's Data Protection Commission will probe whether Facebook broke EU privacy laws.
  • Facebook could face a fine of up to 4% of its $86 billion global revenue if found responsible.

Europe's leading privacy regulator is investigating whether Facebook broke the law in its handling of a leak of over 533 million people's phone numbers and personal data.

Ireland's Data Protection Commission, the body charged with overseeing Facebook's privacy compliance in the European Union, announced it had opened an investigation into the social media giant on Wednesday. If Facebook is found to have violated the EU's data rules, it could face a monetary fine of up to 4% of its $86 billion global revenue.

In a statement, the DPC said it believes EU data rules "may have been, and/or are being, infringed in relation to Facebook Users' personal data."

The personal data of over 533 million Facebook users were dumped online for free in a hacking forum earlier this month, Insider first reported. The data included phone numbers that users didn't make public on their Facebook profiles, which were scraped by cybercriminals in violation of Facebook's terms of service.

A Facebook spokesperson said in a statement to Insider that the company is "cooperating fully" with the investigation, adding that the DPC is probing a now-patched vulnerability in a Facebook tool that made it possible to gather information about a Facebook user by entering their phone number.

"We are cooperating fully with the IDPC in its enquiry, which relates to features that make it easier for people to find and connect with friends on our services. These features are common to many apps and we look forward to explaining them and the protections we have put in place," the spokesperson said.

When news of the leak first broke, Facebook said the data was scraped due to a vulnerability that the company patched in 2019, and downplayed the issue as "previously reported" - but the company never publicly addressed the vulnerability in detail until the data dump this month.

Facebook also said it does not plan to notify the hundreds of millions affected by the data breach because it's not confident that it has full knowledge of which users are affected, and because users can't take steps to fix the issue given that the data has already been published online.

The DPC investigation comes on the heels of pressure from the European Commission. Justice commissioner Didier Reynders said on Monday that he had met with the DPC head Helen Dixon regarding the Facebook leak.

The EU investigation will probe whether Facebook had a legal obligation to notify users and European regulators when it found and fixed the vulnerability. The EU's data privacy rules, known as GDPR, require such disclosures - but the GDPR only applies to data processed after 2018, and it's not yet clear if the leaked Facebook data was scraped before the GDPR went into effect.

The DPC said that it has already started questioning Facebook about the data leak and that Facebook has "furnished a number of responses."


This article was written by aholmes@businessinsider.com (Aaron Holmes) from Business Insider and was legally licensed through the Industry Dive publisher network. Please direct all licensing questions to legal@industrydive.com.

