The security incident, revealed last week, was caused by a vulnerability in Facebook's code which permitted attackers to steal access tokens.
Access tokens are used to keep Facebook users logged in when they switch over to a public profile view via the "View As" feature.
The breach was detected on September 25. The vulnerability, comprising of three separate bugs, has been resolved and the access tokens of affected users have been reset, alongside an additional 40 million users that were subject to a "View As" lookup over the past 12 months.
It took mere hours before class-action lawsuits were filed against Facebook for failing to protect user data. It seems that it took only a little longer for regulators to become involved.
According to the Data Protection Commission (DPC) for Ireland, the number of affected accounts involved in the latest security incident relating to EU citizens is less than 10 percent of the total 50 million users impacted.
This works out to roughly five million users, which is still a huge number of people who may have had their data accessed or stolen.
"We're working with regulators including the Irish Data Protection Commission to share preliminary data about Friday's security issue.
As we work to confirm the location of those potentially affected, we plan to release further info soon."
Under the Data Protection Act 1998, Facebook was fined £500,000 by the UK's Information Commissioner's Office (ICO) for permitting the data-harvesting antics of Cambridge Analytica, leading to the improper sharing of data belonging to 87 million Facebook users in the UK, US, and beyond.
The old privacy laws which once held sway in Europe permitted a maximum fine of £500,000, and this was the same amount that Equifax was fined over a data breach which compromised data belonging to 15 million UK citizens.
The UK has already issued its first GDPR notice against AggregateIQ Data Services (AIQ), which has been connected to the Facebook-Cambridge Analytica data scandal.
If Facebook is found to be in breach of GDPR for failing to adequately protect user data over this incident, the company faces a fine of up to €20 million or 4 percent of annual global turnover -- and as the fine applies to whichever is higher, the social networking giant could find itself forking out far more.
Based on Facebook's financial results for the last fiscal year, the fine could be up to $1.63 billion.
In the firm's Q2 2018 financial results, Facebook reported net income of $5.1 billion and non-GAAP earnings of $1.74 per share on revenue of $13.23 billion.
The data breach is not the only headache Facebook recently had to cope with. The company has also faced criticism over its use of phone numbers given by users in the interest of security for targeted advertising.
The worst cyberattacks undertaken by nation-state hackers