Irish regulator to investigate Facebook over data breach with an expected fine of up to $1.6bn
The Irish Data Protection Office has opened a probe into Facebook over last week's cyber attack, which saw more than 90m accounts potentially affected.
Ireland's data regulator will launch the case against Facebook under General Data Protection Regulations (GDPR), as it confirmed that less than 10 per cent of the users affected were inside the EU.
Facebook said on Friday that it had identified 50m accounts which were definitely involved in the breach, as well as a further 40m who could have potentially been affected due to vulnerabilities in Facebook's code.
If found guilty of breaching GDPR rules, Facebook could be fined up to four per cent of its global annual turnover, or $1.63bn (£1.25bn).
Read more: Facebook hack: 50m accounts affected by data breach
James Dipple-Johnstone, the deputy commissioner of operations for the UK's Information Commissioner's Office (ICO), said on Friday: "We will be making enquiries with Facebook and our overseas counterparts to establish the scale of the breach and if any UK citizens have been affected."
Facebook said it is working alongside the Irish regulator to uncover preliminary information surrounding the hack.
We're working with regulators including the Irish Data Protection Commission to share preliminary data about Friday's security issue. As we work to confirm the location of those potentially affected, we plan to release further info soon. https://t.co/Cs1uSMtBNk
— Meta (@Meta) October 1, 2018
The social media giant discovered the breach last Tuesday, and later alerted regulators on Thursday before going public with the hack on Friday. This indicates it came under the 72-hour deadline for informing authorities of a breach, which if not met, can trigger an additional fine of up to two per cent of its global revenue.
It is not yet known whether accounts on platforms which users access via their Facebook log-in details, such as Spotify and Instagram, have also been affected.
A class action was filed on behalf of all US users against Facebook yesterday, who claim the business was negligent in protecting its customers information and to whom GDPR rules do not apply, according to Bloomberg.
Facebook's share price closed yesterday down 1.23 per cent.