British authorities have levied the maximum possible £500,000 ($644,900) fine on Facebook after the social media network failed to safeguard its users’ data. The U.K.’s Information Commissioner’s Office investigated the breach, which centered on a data-harvesting app developed for tech and analytics firm Cambridge Analytica, which has since closed.
“The ICO is clear that Facebook effectively broke the law by failing to keep users data safe,” the commissioner’s office said in a statement.
Damian Collins, a member of Parliament and chair of the government’s committee on digital affairs and media, demanded further investigation. “Given that the ICO is saying that Facebook broke the law, it is essential that we now know which other apps that ran on their platform may have scraped data in a similar way,” he said. “This cannot be left to a secret internal investigation at Facebook.”
The data of 87 million users was accessed, according to the ICO, but Collins said the “number of Facebook users affected by this kind of data-scraping may be far greater than has currently been acknowledged.”
Facebook claims it did not know about the breach until it was reported in the press in 2015. Facebook CEO Mark Zuckerberg has repeatedly turned down requests from Collins’ parliamentary committee to appear before it, though he has testified before the U.S. Congress.
“They say that Mark Zuckerberg did not know about it until it was reported in the press this year,” Collins said. “In which case, given that it concerns a breach of the law, they should state who was the most senior person in the company to know, why they decided people like Mark Zuckerberg didn’t need to know, and why they didn’t inform users at the time about the data breach.”