Facebook’s lead EU regulator has started an investigation into the recent cyberattack on the social networking site.
According to Reuters, the Irish Data Protection Commissioner (DPC) announced on Wednesday (Oct. 3) that it has launched an investigation into the breach that exposed the data of about 50 million Facebook users. The social media giant found that attackers were able to take control of user accounts through a function within the platform’s code.
“In particular, the investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation (GDPR) to implement appropriate technical and organizational measures to ensure the security and safeguarding of the personal data it processes,” the DPC said in a statement.
Under GDPR, companies that fail to safeguard their users’ data could face a maximum fine of €20 million ($23 million), or 4 percent of a firm’s global annual revenue for the prior year, whichever is higher.
Facebook has already informed the DPC that its own investigation is ongoing, and that the company will continue to take actions to lessen the potential risk to users. Earlier this week, a company spokeswoman said the company plans to answer all of the DPC’s questions, as well as keep regulators informed of further developments.
In the meantime, the vulnerability that caused the breach has been fixed, and Facebook added that it reached out to authorities when the vulnerability was discovered. More than 90 million users had to log out of their accounts as a result of the breach, a step that has been described as a typical measure taken with compromised accounts.
“We’re taking it really seriously,” Facebook Chief Executive Mark Zuckerberg told reporters in a conference call at the time. “We have a major security effort at the company that hardens all of our surfaces.”
Zuckerberg added, “I’m glad we found this. But it definitely is an issue that this happened in the first place.”