Facebook Under Investigation For Massive Data Leak

The Irish Data Protection Commission has launched an investigation into the massive leak of Facebook user data online. It was recently revealed that the personal data of more than 530 million Facebook users had been posted in a low-level hacking forum, with users’ phone numbers being offered for sale. Facebook’s defence is that the data concerned was scraped, rather than hacked, and that users’ own privacy settings were to blame (this despite the fact that ‘Public’ was the default setting, even where the phone number was set to ‘Only me’). The company also claimed that the data had been scraped before the introduction of GDPR, meaning that it didn’t nered to report the leak.

“Based on our investigation to date, we believe that the information in the data-set released this weekend was publicly available and scraped prior to changes made to the platform in 2018 and 2019,” it said. However, the Irish Data Protection Commission (DPC), which oversees the Dublin-headquartered company, was sceptical, suggesting that some of the data at least might date from a later period and this be subject to GDPR.

And now, following pressure from the European Commission, it’s announced its intention to launch a full inquiry.

“The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data,” it says in a statement. “Accordingly, the Commission considers it appropriate to determine whether Facebook Ireland has complied with its obligations, as data controller, in connection with the processing of personal data of its users by means of the Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer features of its service, or whether any provision(s) of the GDPR and/or the Data Protection Act 2018 have been, and/or are being, infringed by Facebook in this respect.”

Facebook, while claiming that the contact-importing feature in question is common to many apps, has said it will cooperate with the enquiry.

The DPC’s move follows calls by the European Commission for a full investigation. Earlier this week, justice commissioner Didier Reynders said he’d spoken with data protection commissioner Helen Dixon about the matter, and was calling on Facebook to ‘actively and swiftly… shed light on the identified issues’.

If Facebook is found to be in breach of GDPR, it could face fines of up to four per cent of turnover. The company is already the subject of more than a dozen investigations by the DPC, none of which has yet reached a conclusion.

Get In Touch

Share On Social Media

Other Recent Blog Articles

The Tariff Tango: How Import Taxes Can Impact Your Computer Gear

April 22, 2025

In today’s interconnected world, the price tag on your laptop, monitor, or even that trusty keyboard often reflects a global journey of components and assembly. But what happens when governments…

Read More

From Stumptown to Secure Town: Tech Protection for Portland Small Businesses

April 22, 2025

As a small business owner in the vibrant Portland metro area, you’re likely juggling a million things. From serving your customers to managing your team and keeping a close eye…

Read More

The Perils of Public Wi-Fi: Are You Browsing Dangerously? (And How a VPN Can Be Your Digital Shield)

April 18, 2025

That free Wi-Fi at the coffee shop, the airport, or even your hotel might seem like a convenient way to stay connected. But beneath that welcoming signal lies a potential…

Read More