Ireland's data privacy agency opens investigation into Facebook data leak

The dataset dates back to 2019 but only recently resurfaced in hacker forum.

Dado Ruvic / Reuters

Ireland's Data Protection Commission (DPC) is investigating the recent leak of a Facebook user dataset that dates back to 2019. At the start of April, it came out that someone on a hacking forum had made the dataset public, exposing the personal information of about 533 million Facebook users in 106 countries. Depending on the account, there are details about phone numbers, birth dates, email addresses, locations and more. The source of the leak is an oversight Facebook fixed in August 2019.

“The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data,” the agency said in a statement spotted by TechCrunch.

The timing of the announcement comes after Didier Reynders, the EU Commissioner for Justice, tweeted that he spoke with the DPC about the leak. With many international companies operating their European headquarters out of Ireland, it often falls to the agency to investigate potential GDPR infractions on behalf of the EU.

“We are cooperating fully with the DPC in its inquiry, which relates to features that make it easier for people to find and connect with friends on our services," a spokesperson for Facebook told Engadget. "These features are common to many apps and we look forward to explaining them and the protections we have put in place.”

After Business Insider was one of the first publications to report on the database finding its way online, a spokesperson for Facebook told NPR the company wasn't planning to notify people of this latest development. From the company's perspective, there's an argument that the data is 'old.' But people change their emails and phone numbers infrequently. To that point, Have I Been Pwned, a tool you can use to find out if someone leaked your email in a data breach, has been fielding about six times as many requests as usual since news of the forum posting came out.