Facebook Inc. could be fined as much as $1.63 billion by the European Union over a data breach revealed Friday that compromised the accounts of 50 million users.

The Wall Street Journal suggested the figure Sunday, reporting that Ireland’s Data Protection Commission, which is charged with investigating Facebook on behalf of the EU, has demanded information from the company as part of a potential formal investigation.

“[We are] concerned at the fact that this breach was discovered on Tuesday and affects many millions of user accounts but Facebook is unable to clarify the nature of the breach and the risk for users at this point,” the commission said in a statement.

The hack, which involved unknown people gaining the ability to access Facebook accounts using a vulnerability in the generation of access tokens via the “View As” feature, could become the biggest test of the EU’s General Data Protection Regulation to date.

Pravin Kothari, chief executive officer of CipherCloud Inc., told SiliconANGLE that the hack raises a lot of questions. “Whom did this impact, exactly? Do any of those 50 million customers impacted reside in the European Community? If so, will this fall under GDPR and how will it be treated?”

“Given the horrendous publicity from the Cambridge Analytica data exposures, the EU reaction is not easily predicted,” he said. “Not knowing all of the detail of when the breach was discovered, who, exactly was impacted, who was responsible, etc., the possible outcomes may be worse than we know today. We’ll have to see what Facebook discloses about potential liability if any exists. The calculations of the potential fines under GDPR are a bit mind-boggling with any possible impact to millions of users.”

Under GDPR, companies that are hacked and found to have not adequately safeguarded users risk a fine of $23 million or 4 percent of a firm’s annual revenue for the prior year. The $1.63 billion figure is calculated using Facebook’s annual revenue in 2017.

Although the EU fine remains a strong possibility, others note that the Facebook hack isn’t as serious as some are suggesting

“In something as big and complicated as Facebook, there are bound to be bugs,” said Sophos Group plc Principal Research Scientist Chester Wisniewski. “The theft of these authorization tokens is certainly a problem, but not nearly as big a risk to user’s privacy as other data breaches we have heard about or even Cambridge Analytica for that matter.”

As with any social media platform, he pointed out, users should assume their information may be made public, through hacking or simply through accidental oversharing, which is why sensitive information should never be shared through these platforms.

“For now, logging out and back in is all that is necessary,” he said. “The truly concerned should use this as a reminder and an opportunity to review all of their security and privacy settings on Facebook and all other social media platforms they share personal information with.”

Photo of Facebook CEO Mark Zuckerberg: quintanomedia/Flickr