An inquiry has been launched into Facebook by Ireland's Data Protection Commission (DPC) Wednesday after a dataset reported to contain personal data relating to some 533 million Facebook users worldwide was made public.
Facebook said in a blog post last week that "malicious actors" had obtained the data prior to September 2019 by "scraping" profiles using a vulnerability in the platform's tool for syncing contacts.
The DPC said that having considered information provided by Facebook, it was of the opinion that one or more provisions of the EU's General Data Protection Regulation's (GDPR) and/or the Data Protection Act 2018 "may have been, and/or are being, infringed in relation to Facebook Users' personal data."
A spokesperson for Facebook did not immediately comment on the investigation.
The DPC is the European Union's lead regulator of Facebook, Apple, Google and other technology giants under the GDPR's "One Stop Shop" regime, due to the location of their EU headquarters in Ireland.
The regulator said last week that previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website, which at the time Facebook said occurred between June 2017 and April 2018, before the GDPR rules came in.
It also said last week that the newly published data leak seemed to comprise the original 2018 dataset combined with additional records, which may be from a later period.
The DPC had more than 27 major inquiries into U.S technology firms open at the end of last year, 14 of which are into Facebook and its WhatsApp and Instagram subsidiaries.