The Irish Data Protection Commission (DPC) is probing whether any of the data records of 533 million Facebook users published over the weekend were leaked after the implementation of the General Data Protection Regulation (GDPR).
A dataset, appearing to be sourced from Facebook, appeared on a hacking website containing records of 533 million individuals, including phone numbers and email addresses. The DPC said a significant number of users were European Union residents and much of the data appears to have been scraped from Facebook profiles.
These leaks were before the implementation of GDPR in May 2018 and therefore Facebook did not notify the DPC. However, the DPC is saying that there also “additional records” in the newly published dataset “which may be from a later period” and therefore under the scope of GDPR.