Ireland’s Data Protection Commission (DPC) is investigating the recent leak of a Facebook user dataset that dates back to 2019. At the start of April, it came out that someone on a hacking forum had made the dataset public, exposing the personal information of about 533 million Facebook users in 106 countries. Depending on the account, there are details about phone numbers, birth dates, email addresses, locations and more. The source of the leak is an oversight Facebook fixed in August 2019.
The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users personal data, the agency said in a statement spotted by TechCrunch.
Today I spoke with Helen Dixon @DPCIreland about the #FacebookLeak. The Commission continues to follow this case closely and is committed to supporting national authorities. We also call on @Facebook to cooperate actively and swiftly to shed light on the identified issues.
Didier Reynders (@dreynders) April 12, 2021
The timing of the announcement comes after Didier Reynders, the EU Commissioner for Justice, tweeted that he spoke with the DPC about the leak. With many international companies operating their European headquarters out of Ireland, the agency is the EU’s lead GDPR investigator.
We are cooperating fully with the DPC in its inquiry, which relates to features that make it easier for people to find and connect with friends on our services,” a spokesperson for Facebook told Engadget. “These features are common to many apps and we look forward to explaining them and the protections we have put in place.
After Business Insider was one of the first publications to report on the database finding its way online, a spokesperson for Facebook told NPR the company wasn’t planning to notify people of this latest development. From the company’s perspective, there’s an argument that the data is ‘old.’ But people change their emails and phone numbers infrequently. To that point, Have I Been Pwned, a tool you can use to find out if someone leaked your email in a data breach, has been fielding about six times as many requests as usual since news of the forum posting came out.