Whoever breached Facebook was able to exploit, in part, a privacy feature on the site. Facebook, however, says it’s still investigating whether this attack was targeted. It’s unclear too how many third-party services that allow single sign-on via Facebook may also have been breached.”We’ve notified the Irish Data Protection Commission in accordance with our obligations under GDPR,” Guy Rosen, Facebook’s vice president of product management, said in a Friday press briefing.Already, however, the DPC, which enforces the country’s data privacy laws, has signaled that it finds Facebook’s breach report to have been incomplete.Under the EU’s General Data Protection Regulation, which went into full effect on May 25, organizations that suffer a serious breach involving European’s personal data must report the breach to relevant authorities within 72 hours of becoming aware of it. Failure to do so, as well as for more general information security shortcomings, can expose an organization to steep fines.

Source: Click here