Facebook could be set to face a fine of above $1.6bn, under European Union’s (EU) General Data Protection Regulation (GDPR) over a recent data breach which hit nearly 90m plus users accounts.

Facebook is under increased pressure to demonstrate that users’ personal data is protected. With the recent, Facebook revealed that it had discovered a security issue, hackers exploiting a vulnerability within Facebook’s code that allowed them to steal access tokens using the social network’s ‘View As’ feature, which lets people see what their own profile looks like to other users. Access tokens play the role of digital keys that keep people logged in to Facebook when using the app. Facebook says it has temporarily turned off the feature while it conducts its investigation into the issue.

Facebook would be subject to hefty fines under GDPR. It appears that the breach was the result of a cyber-attack and not due to negligence, if this is the case then any fines will be proportionate and will take this into account. Under GDPR, the EU’s data privacy law which was implemented in May, companies that don’t do enough to protect the user data of EU citizens face maximum fines of €20m or four per cent of the company’s global annual revenue for the prior year, depending on which is higher. In Facebook’s case, it would be the latter and could see it having to cough up a hefty $1.6bn.

In addition to adhering to its reporting obligations under GDPR, Facebook says it has notified US law enforcement about the issue. Meanwhile, it has reset the access tokens for all of the accounts it knows were affected and is also taking steps to resetting the access tokens of a further 40m accounts, which have been subject to a ‘View As’ look-up in the past year, as a precaution. As a result, 90m Facebook users will have to login to the Facebook app again.

Facebook says it is still unclear as to whether the targeted accounts have been misused or what information has been accessed. Furthermore, it doesn’t yet know who is behind the attacks.

This breach appears to have impacted 50m users of the social network site meaning that a vast amount of personal data is now in the hands of criminals. It is therefore imperative that Facebook are forthcoming in contacting all those affected, provide information on what this breach means for them, and offer support to those who are likely to be very concerned by the news.

In a recently published report, despite the number of internet of things (IoT) devices around UK homes, only 15 per cent of UK families use software or apps to protect the technology they have in their homes. Alongside the lack of families utilising security technology, 28 per cent of them have no intention of strengthening their security measures even in light of the various data breaches recently. Meanwhile, 41 per cent say they are either not very concerned or not concerned at all about the risk of a cyber-attack.

When it comes to their children, parents tend to change their tune regarding security. However, 85 per cent say they would like more control over the websites their children have access to and 80 per cent of parents would like more control over how much time their children spend online.

Lastly, It’s important to remain vigilant in checking your account and bank statements to ensure there’s nothing unusual. However, but if you do see any suspicious activity we recommend contacting your bank immediately.