The Irish Data Protection Commission (DPC) is looking into whether Twitter violated the General Data Protection Regulation (GDPR) in relation to a data breach that allegedly affected 5.4 million users.
The investigation, which was launched on December 23, followed a dialogue between the regulator and the social media giant regarding a security vulnerability identified by Twitter in August. The apparent scale of the harm grew in November, when media stories highlighted the open publication of user details on hacker forums.
According to reports, the exposed details included private information such as phone numbers and email addresses.
“The DPC, having considered the information provided by [Twitter] regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the [Data Protection Act 2018] may have been, and/or are being, infringed in relation to Twitter users’ personal data,” the regulator said in a press release.
The Irish DPC fined Meta Platforms €265 million (then US $274 million) last month for a security flaw that affected over 500 million Facebook users. Twitter has previously been sanctioned by the authority: the corporation was ordered to pay €450,000 (then US $547,000) in December 2020 for failing to report a data breach in 2018.
While Twitter has been under increased scrutiny from authorities after large-scale layoffs and resignations following Elon Musk's takeover of the company in October, the security issue the Irish DPC is looking into dates back as far as June 2021, according to the company's August statement. Twitter stated that it corrected the problem after being made aware of it in January.
In August, a former Twitter cybersecurity executive revealed systematic data security flaws at the firm, claiming he was sacked after raising concerns internally with management earlier this year.
Twitter did not respond to requests for additional information.
By fLEXI tEAM