EU to probe Facebook over data breach affecting 50m accounts
THE EU is preparing to investigate Facebook over a data breach which saw 50 million accounts compromised, nearly five million of which are believed to be European users.
Investigators at the Irish Data Protection Commission (IDPC), the lead supervisory authority for Facebook in the EU, are gathering information and establishing the basis for an inquiry under the General Data Protection Regulation introduced this year.
If it is found to have broken the guidelines, the social media giant could face a maximum fine of $1.63bn (£1.26bn), or four per cent of annual revenue.
Graham Doyle, head of communications at the IDPC, said: “Before we would launch any investigation there are steps that would have to be taken in relation to information gathering and preparing the scope of an inquiry.
“Furthermore we would need to establish under which provisions of the Data Protection Act 2018 we would conduct it. We are currently engaged in those steps.”
Facebook confirmed on Monday it was working with the IDPC to “share preliminary data” about the breach.
Mr Doyle added: “Facebook issued a blog on Friday last indicating that 50 million accounts were potentially affected by a security issue. We understand that the number of EU accounts potentially affected is less than 10 percent of that.
“Facebook has assured us that they will be in a position to provide a further breakdown in relation to more detailed numbers soon.”
On Friday the social media giant, which has more than two billion users worldwide, announced engineers had discovered a “security issue” which allowed hackers to easily collect access tokens from 50 million accounts.
The tokens work as digital keys, letting those who hold them log into Facebook accounts without entering a password, said Guy Rosen, Facebook’s vice president of product management.