Google is facing scrutiny from German data regulators, the latest fallout from an undisclosed security flaw in Google+, as first reported by Bloomberg.

German data watchdog investigating

The outlet reports that Johannes Caspar, the Hamburg-based commissioner acting as the country’s data watchdog, said his office was investigating the matter, although he does not currently have any information from Google on the issue. (Caspar’s office confirmed to The Verge that it has sent questions to the company about the incident.)

Yesterday, The Wall Street Journal revealed that a software glitch in Google+ exposed the personal information of hundreds of thousands of users. The company quietly closed the bug in March without disclosing it publicly, and said this week that, as there wasn’t evidence the data was misused, the incident did not meet Google’s requirements for disclosure. Still, the company said it would move to shut down Google+.

The incident is the latest regulatory headache for the company, which was fined a record $5 billion by the European Union in July for antitrust violations. As Bloomberg points out, the incident happened before Europe’s strict GDPR protections took place, limiting the potential consequences for the incident.

Update, October 10, 9:33 AM: Includes comment from data commissioner’s office.