Facebook is under investigation in Europe for a leak that exposed the personal data of 530 million global users of its services. The Irish Data Protection Commission, the watchdog responsible for ensuring Facebook abides by European privacy laws, announced on Wednesday that it was opening an inquiry into whether the leak constituted a breach of the General Data Protection Regulation (GDPR).

Personal information on hundreds of millions of Facebook users, including names, birth dates, email addresses and phone numbers, was discovered on a website for hackers back in January. The data set contains information on 533 million users from 106 countries, according to Business Insider, which first reported on its availability at the beginning of April.

Earlier this month, Facebook claimed the leak hadn’t been caused by its services being hacked, but through the exploitation of a security hole that allowed data to be scraped from the platform. The vulnerability was fixed by Facebook in 2019, the company said.

The aim of the DPC’s investigation will be to establish whether Facebook complied with its obligations as the “controller” of users personal data, the regulator said in a statement. Among these obligations are Facebook’s responsibility to inform the correct data protection authority and affected individual users of any data leaks in a timely manner.

Facebook does still not yet appear to have notified any users affected by the leak, and the company didn’t immediately respond to request for comment. If Facebook is found to be in breach of GDPR, the company can be fined up to 4 percent of its global annual turnover.

To check whether a particular Facebook account was affected, users can search the breach-tracking website Have I Been Pwned?