Ireland’s Data Protection Commission (DPC) said on Wednesday it had launched an inquiry into Facebook Inc, after a dataset reported to contain personal data relating to some 533 million Facebook users worldwide was made public.

Axar.az reports that Facebook said in a blog post last week that “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for synching contacts.

The DPC said that having considered information provided by Facebook, it was of the opinion that one or more provisions of the EU’s General Data Protection Regulation’s (GDPR) and/or the Data Protection Act 2018 “may have been, and/or are being, infringed in relation to Facebook Users’ personal data.”

A spokeswoman for Facebook said the company was cooperating fully with the inquiry “which relates to features that make it easier for people to find and connect with friends on our services.”

“These features are common to many apps and we look forward to explaining them and the protections we have put in place,” the spokeswoman added.