Facebook breach hit 3 million in EU, putting new privacy law to test

Facebook CEO Mark Zuckerberg

Facebook may have a run-in with Europe's new privacy law.

The Irish Data Protection Commission said Tuesday that roughly 3 million Facebook users living in Europe were affected by a data breach at the social network in September, according to CNBC. 

Last week, the social network said hackers stole user information from 29 million people, rather than the 50 million it originally indicated in September. The hackers pilfered the information from user accounts after stealing Facebook's digital keys. The stolen information included names, birth dates, hometowns, workplaces and contact details, such as emails and phone numbers.

Facebook confirmed that it has been working with the IDPC over the past two weeks.

The data breach marks the first major test of Europe's new General Data Protection Regulation, according to CNBC. In May, the privacy law went into effect across the European Union's 28 member states. It affects companies with a digital presence in the EU, such as Facebook, and requires more openness about what data companies have and who they share it with.

Facebook CEO Mark Zuckerberg told US lawmakers in April that the GDPR in general "is going to be a very positive step for the internet."

The GDPR requires companies to disclose breaches within 72 hours. If it failed to comply in time, Facebook could face a penalty of more than a billion dollars.

"We strongly encourage Facebook to cooperate fully with the Irish Data Protection Commissioner and to provide all the necessary information to the persons affected, in line with EU data protection rules," said Christian Wigand, spokesman of European Commission, in an email statement. 

The Irish Data Protection Commission didn't immediately respond to requests for comment.