Last Friday, Facebook announced that a data breach compromised more than 50 million users. The social media giant’s lack of transparency in the days that followed the breach has raised some eyebrows, leading to what could be a big price to pay – $1.63 billion – if regulators in the European Union find that the company violated the General Data Protection Regulation (GDPR). Facebook disclosed that it discovered the breach the breach on Tuesday, leaving some to wonder why it took them three days to disclose their customers were attacked. According to the Wall Street Journal, regulators raised concerns about the three day delay in disclosure:

“In an emailed statement, the regulator said it is ‘concerned at the fact that this breach was discovered on Tuesday and affects many millions of user accounts but Facebook is unable to clarify the nature of the breach and the risk for users at this point.’”

This breach comes at a difficult time for Facebook, who has been trying to regain the trust of users and lawmakers alike in the wake of previous privacy issues. This data breach is the largest of its kind under GDPR, so it will be interesting to see the penalty Facebook faces and how sharp GDPR’s teeth are when it comes to enforcement.