Ireland’s Data Protection Commission (DPC) has confirmed that it has launched an investigation into the massive data breach at Facebook that was disclosed last week.
At least 50m accounts were breached, with a further 40m potentially affected. The breach is the largest in Facebook’s 14-year history and the company is still trying to determine whether the attacker misused any accounts or stole private information.
The case could be one of the first major tests of the EU’s General Data Protection Regulation (GDPR) legislation which came into force in Europe in May. Under GDPR rules, companies could be hit with fines of up to €20m or 4pc of global turnover, whichever is higher. Not only that, but affected EU users are empowered under the rules to take litigation against companies if they have been affected.