The Irish Data Protection Commission said Tuesday that roughly 3 million Facebook users living in Europe were affected by a data breach at the social network in September, according to CNBC.
Last week, the social network said hackers stole user information from 29 million people, rather than the 50 million it originally indicated in September. The hackers pilfered the information from user accounts after stealing Facebook’s digital keys. The stolen information included names, birth dates, hometowns, workplaces and contact details, such as emails and phone numbers.
Facebook didn’t immediately respond to a request for comment.
The data breach marks the first major test of Europe’s new General Data Protection Regulation, according to CNBC. In May, the privacy law went into effect across the European Union’s 28 member states. It affects companies with a digital presence in the EU, such as Facebook, and requires more openness about what data companies have and who they share it with.
The GDPR requires companies to disclose breaches within 72 hours. If it failed to comply in time, Facebook could face a penalty of more than a billion dollars.
The Irish Data Protection Commission and the European Commission didn’t immediately respond to requests for comment.