The Irish Data Protection Commissioner (DPC) has released a statement following the breach of the records of 533 million Facebook users. The DPC stated that previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website which at the time Facebook advised occurred between June 2017 and April 2018 when Facebook closed off a vulnerability in its phone lookup functionality. The newly published dataset seems to comprise the original 2018 (pre GDPR) dataset and combined with additional records, which may be from a later period. Because this particular scraping took place prior to GDPR, Facebook chose not to notify this as a personal data breach under GDPR. The DPC attempted over the weekend to establish the full facts and is continuing to do so. It received no proactive communication from Facebook.