The Irish data protection Commission has announced having launched an investigation against Hyp3r, a San Francisco start-up, which scrapped millions of Instagram users' data, including their locations and stories. Instagram issued the company a cease and desist order, and then evicted it from the platform once made aware of its activities. According to Business Insider, Hyp3r had been operating in plain sight for a year, taking advantage of a weakness in Instagram's security, but Instagram failed to notice. The Irish data protection authority is now working to establish whether EU data subjects have been affected in the first instance and will then assess whether further information from Instagram is required.